CVE-2023-22799
CVE-2023-22799
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Feb 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.
Affected products
n/a · https://github.com/rails/globalidWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →