FreshPorts - VuXML

Dominic Couture reports:

A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects.

ge 2.7.0,1 lt 2.7.8,1

ge 3.0.0,1 lt 3.0.6,1

ge 3.1.0,1 lt 3.1.4,1

ge 3.2.0.p1,1 lt 3.2.2,1

ge 2.7.0,1 lt 2.7.8,1

ge 3.0.0,1 lt 3.0.6,1

ge 3.1.0,1 lt 3.1.4,1

ge 3.2.0.p1,1 lt 3.2.2,1

< 0.12.1

Hiroshi Tokumaru reports:

If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body.

Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object based on user input, an attacker may exploit it to inject invalid attributes in Set-Cookie header. We think such applications are unlikely, but we have included a change to check arguments for CGI::Cookie#initialize preventatively.

< 0.3.4

ge 2.7.0,1 lt 2.7.7,1

ge 3.0.0,1 lt 3.0.5,1

ge 3.1.0,1 lt 3.1.3,1

ge 3.2.0.p1,1 lt 3.2.0.r1,1

ge 2.7.0,1 lt 2.7.7,1

ge 3.0.0,1 lt 3.0.5,1

ge 3.1.0,1 lt 3.1.3,1

ge 3.2.0.p1,1 lt 3.2.0.r1,1

ooooooo_q reports:

The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects.

ge 2.7.0,1 lt 2.7.8,1

ge 3.0.0,1 lt 3.0.6,1

ge 3.1.0,1 lt 3.1.4,1

ge 3.2.0.p1,1 lt 3.2.2,1

ge 2.7.0,1 lt 2.7.8,1

ge 3.0.0,1 lt 3.0.6,1

ge 3.1.0,1 lt 3.1.4,1

ge 3.2.0.p1,1 lt 3.2.2,1

< 0.2.2