Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- none
- Availability
- low
- Weaknesses
- CWE-1333
Metadata
- Primary Vendor
- RUBY-LANG
- Published
- 3/31/2023
- Last Modified
- 11/4/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
ruby-lang : rubyruby-lang : timeruby-lang : timedebian : debian_linuxfedoraproject : fedorafedoraproject : fedorafedoraproject : fedora
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.