{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Medium"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https:/www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"rubygem-globalid security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for rubygem-globalid is now available for openEuler-22.03-LTS-SP1.",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"URIs for your models makes it easy to pass references around.\n\nSecurity Fix(es):\n\nA ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22799)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for rubygem-globalid is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Medium",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"rubygem-globalid",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2023-1112",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1112"
			},
			{
				"summary":"CVE-2023-22799",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-22799&packageName=rubygem-globalid"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22799"
			},
			{
				"summary":"openEuler-SA-2023-1112 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2023/csaf-openeuler-sa-2023-1112.json"
			}
		],
		"title":"An update for rubygem-globalid is now available for openEuler-22.03-LTS-SP1",
		"tracking":{
			"initial_release_date":"2023-02-21T14:15:44+08:00",
			"revision_history":[
				{
					"date":"2023-02-21T14:15:44+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				},
				{
					"date":"2024-10-31T14:15:44+08:00",
					"summary":"final",
					"number":"2.0.0"
				}
			],
			"generator":{
				"date":"2024-10-31T14:15:44+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2024-10-31T14:15:44+08:00",
			"id":"openEuler-SA-2023-1112",
			"version":"2.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"openEuler-22.03-LTS-SP1",
									"name":"openEuler-22.03-LTS-SP1"
								},
								"name":"openEuler-22.03-LTS-SP1",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"rubygem-globalid-0.4.2-4.oe2203sp1.noarch.rpm",
									"name":"rubygem-globalid-0.4.2-4.oe2203sp1.noarch.rpm"
								},
								"name":"rubygem-globalid-0.4.2-4.oe2203sp1.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"rubygem-globalid-doc-0.4.2-4.oe2203sp1.noarch.rpm",
									"name":"rubygem-globalid-doc-0.4.2-4.oe2203sp1.noarch.rpm"
								},
								"name":"rubygem-globalid-doc-0.4.2-4.oe2203sp1.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"rubygem-globalid-0.4.2-4.oe2203sp1.src.rpm",
									"name":"rubygem-globalid-0.4.2-4.oe2203sp1.src.rpm"
								},
								"name":"rubygem-globalid-0.4.2-4.oe2203sp1.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"rubygem-globalid-0.4.2-4.oe2203sp1.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:rubygem-globalid-0.4.2-4.oe2203sp1.noarch",
					"name":"rubygem-globalid-0.4.2-4.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"rubygem-globalid-doc-0.4.2-4.oe2203sp1.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:rubygem-globalid-doc-0.4.2-4.oe2203sp1.noarch",
					"name":"rubygem-globalid-doc-0.4.2-4.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"rubygem-globalid-0.4.2-4.oe2203sp1.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:rubygem-globalid-0.4.2-4.oe2203sp1.src",
					"name":"rubygem-globalid-0.4.2-4.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2023-22799",
			"notes":[
				{
					"text":"A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-22.03-LTS-SP1:rubygem-globalid-0.4.2-4.oe2203sp1.noarch",
					"openEuler-22.03-LTS-SP1:rubygem-globalid-doc-0.4.2-4.oe2203sp1.noarch",
					"openEuler-22.03-LTS-SP1:rubygem-globalid-0.4.2-4.oe2203sp1.src"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-22.03-LTS-SP1:rubygem-globalid-0.4.2-4.oe2203sp1.noarch",
						"openEuler-22.03-LTS-SP1:rubygem-globalid-doc-0.4.2-4.oe2203sp1.noarch",
						"openEuler-22.03-LTS-SP1:rubygem-globalid-0.4.2-4.oe2203sp1.src"
					],
					"details":"rubygem-globalid security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1112"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":5.3,
						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
						"version":"3.1"
					},
					"products":[
						"openEuler-22.03-LTS-SP1:rubygem-globalid-0.4.2-4.oe2203sp1.noarch",
						"openEuler-22.03-LTS-SP1:rubygem-globalid-doc-0.4.2-4.oe2203sp1.noarch",
						"openEuler-22.03-LTS-SP1:rubygem-globalid-0.4.2-4.oe2203sp1.src"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2023-22799"
		}
	]
}