Merge pull request #3008 from marocchino/update-affected-version

hsbt · web-flow · commit 55d19cfcdd7b · 2023-03-28T12:49:48.000+09:00
CVE-2023-28755: reorder affected versions new to old
diff --git a/en/news/_posts/2023-03-28-redos-in-uri-cve-2023-28755.md b/en/news/_posts/2023-03-28-redos-in-uri-cve-2023-28755.md
@@ -8,14 +8,14 @@ tags: security
 lang: en
 ---
 
-We have released the uri gem version 0.10.0.1, 0.10.2, 0.11.1 and 0.12.1 that has a security fix for a ReDoS vulnerability.
+We have released the uri gem version 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1 that has a security fix for a ReDoS vulnerability.
 This vulnerability has been assigned the CVE identifier [CVE-2023-28755](https://nvd.nist.gov/vuln/detail/CVE-2023-28755).
 
 ## Details
 
 A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects.
 
-The `uri` gem version 0.10.1, 0.10.2, 0.11.0, 0.12.0, and all versions 0.10.0 and prior are vulnerable for this vulnerability.
+The `uri` gem version 0.12.0, 0.11.0, 0.10.1, 0.10.0 and all versions prior 0.10.0 are vulnerable for this vulnerability.
 
 ## Recommended action
 
@@ -32,7 +32,8 @@ You can use `gem update uri` to update it. If you are using bundler, please add
 
 * uri gem 0.12.0
 * uri gem 0.11.0
-* uri gem 0.10.0 or 0.10.1
+* uri gem 0.10.1
+* uri gem 0.10.0 or before
 
 ## Credits
 
@@ -41,3 +42,4 @@ Thanks to [Dominic Couture](https://hackerone.com/dee-see?type=user) for discove
 ## History
 
 * Originally published at 2023-03-28 01:00:00 (UTC)
+* Update Affected versions at 2023-03-28 02:00:00 (UTC)
