Rediscovering CVE-2023-36617 (ruby ReDoS) with fuzzing
summary
CVE-2023-36617
Two ReDoS bugs existed in the Ruby uri module. Both bugs cause the program to hang and eventually throw a URI::InvalidURIError error.
They affect version v0.12.2 of the gem.
The commit has some tests that help understand what w...
shafouz.hashnode.dev6 min read