CVE-2023-28755: 
Ruby vulnerability analysis and mitigation

A ReDoS (Regular Expression Denial of Service) vulnerability was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The vulnerability, identified as CVE-2023-28755, was discovered when the URI parser mishandles invalid URLs containing specific characters, causing increased execution time for parsing strings to URI objects (Ruby Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The issue affects the URI parser's handling of invalid URLs with specific characters, which can lead to excessive execution time when parsing strings to URI objects. The vulnerability is classified under CWE-1333 (Inefficient Regular Expression Complexity) (NVD).

Successful exploitation of this vulnerability could lead to a Denial of Service (DoS) condition. When the affected URI parser processes maliciously crafted input, it can cause significant increases in execution time, potentially impacting system availability (NetApp Advisory).

The fixed versions are uri gem 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. Users are recommended to update based on their Ruby version: For Ruby 2.7, update to uri 0.10.0.1; For Ruby 3.0, update to uri 0.10.2; For Ruby 3.1, update to uri 0.11.1; For Ruby 3.2, update to uri 0.12.1. Users can update using 'gem update uri' or by adding the appropriate version requirement to their Gemfile (Ruby Advisory).