Advisories ยป MGASA-2023-0291

Updated ruby-RedCloth packages fix a security vulnerability

Publication date: 20 Oct 2023
Modification date: 20 Oct 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-31606

Description

A Regular Expression Denial of Service (ReDoS) issue was discovered
in the sanitize_html function of redcloth gem v4.0.0. This
vulnerability allows attackers to cause a Denial of Service (DoS)
via supplying a crafted payload. (CVE-2023-31606)
                

References

SRPMS

8/core

9/core