CVE-2023-36617: 
Ruby vulnerability analysis and mitigation

A ReDoS (Regular Expression Denial of Service) vulnerability was discovered in the URI component for Ruby, tracked as CVE-2023-36617. The vulnerability affects versions before 0.12.2 and was disclosed on June 29, 2023. The issue exists due to the URI parser mishandling invalid URLs containing specific characters, which was an incomplete fix for a previous vulnerability (CVE-2023-28755) (Ruby Lang).

The vulnerability manifests as an increase in execution time when parsing strings to URI objects, specifically in the rfc2396parser.rb and rfc3986parser.rb components. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, indicating it can be exploited remotely with low attack complexity and requires no privileges or user interaction (NVD).

Successful exploitation of this vulnerability could lead to Denial of Service (DoS) conditions. The vulnerability affects the availability of the system by causing increased execution time when processing specially crafted URLs (NetApp Advisory).

Users are recommended to update to URI gem version 0.12.2 or 0.10.3 depending on their Ruby version. For Ruby 3.0, update to URI 0.10.3; for Ruby 3.1 and 3.2, update to URI 0.12.2. Alternatively, Ruby 3.2 users can update to Ruby 3.2.3. The updates can be applied using 'gem update uri' or by adding the appropriate version requirement to the Gemfile (Ruby Lang).