FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-date -- Regular Expression Denial of Service Vulnerability of Date Parsing Methods

Affected packages
2.6.0,1 <= ruby < 2.6.9,1
2.7.0,1 <= ruby < 2.7.5,1
3.0.0,1 <= ruby < 3.0.3,1
2.6.0,1 <= ruby26 < 2.6.9,1
2.7.0,1 <= ruby27 < 2.7.5,1
3.0.0,1 <= ruby30 < 3.0.3,1
rubygem-date < 3.2.1

Details

VuXML ID 6916ea94-4628-11ec-bbe2-0800270512f4
Discovery 2021-11-15
Entry 2021-11-15
Modified 2021-11-24

Stanislav Valkanov reports:

Date's parsing methods including Date.parse are using Regexps internally, some of which are vulnerable against regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected.

References

CVE Name CVE-2021-41817
URL https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
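
Added example, not part of the VuXML entry or the Ruby project's code: a check of a Ruby or date gem version against the ranges listed under "Affected packages", plus a guarded parser for untrusted input. The helper names and the 128-byte cap are assumptions chosen for this sketch; the FreeBSD ",1" epoch suffix is dropped from the version strings.

```ruby
require "date"
require "rubygems"

# Affected interpreter ranges copied from this entry: [first affected, first fixed).
AFFECTED_RUBY = [
  ["2.6.0", "2.6.9"],
  ["2.7.0", "2.7.5"],
  ["3.0.0", "3.0.3"],
].freeze

# First rubygem-date version this entry lists as not affected.
FIXED_DATE_GEM = Gem::Version.new("3.2.1")

# Assumed upper bound on the byte length of a date string taken from untrusted input.
MAX_DATE_INPUT = 128

# True if the given Ruby version falls inside one of the affected ranges.
def ruby_affected?(version)
  v = Gem::Version.new(version)
  AFFECTED_RUBY.any? do |lo, hi|
    v >= Gem::Version.new(lo) && v < Gem::Version.new(hi)
  end
end

# True if the given standalone date gem version predates the fixed release.
def date_gem_affected?(version)
  Gem::Version.new(version) < FIXED_DATE_GEM
end

# Hypothetical wrapper: reject non-string or over-long input before the
# regexp-based parser runs, so parse time stays bounded by max_len.
def parse_untrusted_date(str, max_len: MAX_DATE_INPUT)
  raise ArgumentError, "date input is not a String" unless str.is_a?(String)
  raise ArgumentError, "date input exceeds #{max_len} bytes" if str.bytesize > max_len
  Date.parse(str)
end

if __FILE__ == $PROGRAM_NAME
  puts "running Ruby #{RUBY_VERSION}: affected=#{ruby_affected?(RUBY_VERSION)}"
  puts parse_untrusted_date("2021-11-15")
end
```

The length guard is a stopgap for hosts that cannot be upgraded immediately; upgrading to a version outside the affected ranges remains the fix.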