Explore top 10 tips to secure your open-source projects now. Read More
×
Addressable could be made to consume resources and cause a denial of
service if it received specially crafted input.
Software Description:
- ruby-addressable: Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library
Details:
It was discovered that Addressable incorrectly handled certain URI
templates, generating regular expressions vulnerable to catastrophic
backtracking. An attacker could use this issue to craft a URI that, when matched
against a vulnerable template, causes excessive resource consumption,
leading to a denial of service.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
ruby-addressable 2.8.7-2ubuntu0.26.04.1~esm1
Available with Ubuntu Pro
Ubuntu 24.04 LTS
ruby-addressable 2.8.5-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
ruby-addressable 2.8.0-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
ruby-addressable 2.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
ruby-addressable 2.5.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
ruby-addressable 2.3.8-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-8515-1
CVE-2026-35611
Get the latest Linux and open source security news straight to your inbox.