Vulnerability Details CVE-2023-31606
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload.
Exploit Prediction Scoring System (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.7%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2023-31606
- cpe:2.3:a:promptworks:redcloth:4.0.0
- cpe:2.3:a:promptworks:redcloth:4.0.1
- cpe:2.3:a:promptworks:redcloth:4.0.2
- cpe:2.3:a:promptworks:redcloth:4.0.3
- cpe:2.3:a:promptworks:redcloth:4.0.4
- cpe:2.3:a:promptworks:redcloth:4.1.0
- cpe:2.3:a:promptworks:redcloth:4.1.1
- cpe:2.3:a:promptworks:redcloth:4.1.9
- cpe:2.3:a:promptworks:redcloth:4.2.0
- cpe:2.3:a:promptworks:redcloth:4.2.1
- cpe:2.3:a:promptworks:redcloth:4.2.2
- cpe:2.3:a:promptworks:redcloth:4.2.3
- cpe:2.3:a:promptworks:redcloth:4.2.4
- cpe:2.3:a:promptworks:redcloth:4.2.5
- cpe:2.3:a:promptworks:redcloth:4.2.6
- cpe:2.3:a:promptworks:redcloth:4.2.7
- cpe:2.3:a:promptworks:redcloth:4.2.8
- cpe:2.3:a:promptworks:redcloth:4.2.9
- cpe:2.3:a:promptworks:redcloth:4.3.0
- cpe:2.3:a:promptworks:redcloth:4.3.1
- cpe:2.3:a:promptworks:redcloth:4.3.2