CVSS: 7.8 | EPSS: 1% | CPEs: 2 | EXPL: 0

09 Feb 2023 — A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. A flaw was found in rubygem-activesupport. RubyGem's activesupport gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in... • https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116 • CWE-400: Uncontrolled Resource Consumption • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 10.0 | EPSS: 8% | CPEs: 1 | EXPL: 1

10 Aug 2018 — active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system because it contains a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. • https://hackerone.com/reports/392311 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')