An update for rubygem-globalid is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1100 Final 1.0 1.0 2023-02-17 Initial 2023-02-17 2023-02-17 openEuler SA Tool V1.0 2023-02-17 rubygem-globalid security update An update for rubygem-globalid is now available for openEuler-20.03-LTS-SP1. URIs for your models makes it easy to pass references around. Security Fix(es): A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22799) An update for rubygem-globalid is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium rubygem-globalid https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1100 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-22799 https://nvd.nist.gov/vuln/detail/CVE-2023-22799 openEuler-20.03-LTS-SP1 rubygem-globalid-doc-0.4.2-3.oe1.noarch.rpm rubygem-globalid-0.4.2-3.oe1.noarch.rpm rubygem-globalid-0.4.2-3.oe1.src.rpm A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. 2023-02-17 CVE-2023-22799 openEuler-20.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L rubygem-globalid security update 2023-02-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1100