CVE-2023-22799

7.5 HIGH

📋 TL;DR

This CVE describes a Regular Expression Denial of Service (ReDoS) vulnerability in GlobalID versions before 1.0.1. An attacker can cause excessive CPU consumption and service degradation by providing specially crafted input to vulnerable regular expressions. All applications using affected GlobalID versions are potentially vulnerable.

💻 Affected Systems

Products:
  • GlobalID (Ruby gem)
Versions: All versions < 1.0.1
Operating Systems: All operating systems running Ruby applications with GlobalID
Default Config Vulnerable: ⚠️ Yes
Notes: Any Ruby application using GlobalID for object identification is affected. Commonly used in Ruby on Rails applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service unavailability due to CPU exhaustion, leading to denial of service for legitimate users.

🟠 Likely Case: Performance degradation and intermittent service disruption affecting application responsiveness.

🟢 If Mitigated: Minimal impact with proper rate limiting, input validation, and monitoring in place.

🌐 Internet-Facing: HIGH - Publicly accessible endpoints using GlobalID are directly exploitable without authentication.
🏢 Internal Only: MEDIUM - Internal applications are still vulnerable but require network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

ReDoS attacks are well-understood and easy to craft. No authentication required to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.1

Vendor Advisory: https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127

Restart Required: Yes

Instructions:

1. Update your Gemfile to specify 'gem "globalid", ">= 1.0.1"'.
2. Run 'bundle update globalid'.
3. Restart your application server.

🔧 Temporary Workarounds

Input validation and sanitization (applies to: all platforms)

Implement strict input validation to reject malformed GlobalID strings before processing.

Rate limiting (applies to: all platforms)

Implement rate limiting on endpoints that accept GlobalID parameters to limit attack impact.
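The input-validation workaround above is most useful when it runs before the library's own parser ever sees the string. The following is an added example (not code from the GlobalID gem or this advisory) of such a pre-check: it caps the length and accepts only the documented three-segment `gid://app/Model/id` layout, using bounded character classes so the check itself cannot backtrack. The length limits, the character classes and the helper names `safe_gid?` and `accept_gid_param` are this example's own assumptions; applications that pass query parameters on their GIDs would need to extend the pattern.

```ruby
# Added example, not GlobalID's own code: reject oversized or malformed
# GlobalID strings before any library parsing happens.
MAX_GID_LENGTH = 256 # assumed cap; real GIDs are far shorter

# The gid://app/Model/id layout is the documented GlobalID URI form. Each
# segment is bounded and limited to a fixed character class, so matching is
# linear in the input length and cannot backtrack catastrophically.
# (Character classes and segment limits are this example's assumptions.)
GID_FORMAT = /\Agid:\/\/[A-Za-z0-9_-]{1,64}\/[A-Za-z0-9_:]{1,128}\/[A-Za-z0-9_.-]{1,64}\z/

# Returns true only for strings that are safe to hand to GlobalID.parse.
def safe_gid?(value)
  return false unless value.is_a?(String)
  return false if value.bytesize > MAX_GID_LENGTH # cheap check first
  GID_FORMAT.match?(value)
end

# Controller-side helper: returns the parameter if it passes the check,
# otherwise nil so the caller can answer 400 without touching the parser.
def accept_gid_param(params, key)
  value = params[key]
  safe_gid?(value) ? value : nil
end

if __FILE__ == $PROGRAM_NAME
  samples = [
    "gid://bcx/Person/5",        # plain GID
    "gid://bcx/Admin::User/42",  # namespaced model
    "gid://bcx/Person",          # missing id segment
    "x" * 10_000                 # oversized input
  ]
  samples.each { |s| puts "#{s[0, 40].inspect} -> #{safe_gid?(s)}" }
end
```

Place `accept_gid_param` in front of every call into `GlobalID.parse` or `GlobalID::Locator.locate` that takes user input; a rejected value never reaches the library's regular expressions, which is the point of the workaround.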

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block suspicious patterns in GlobalID parameters
  • Deploy additional monitoring for CPU spikes and implement automated alerting

🔍 How to Verify

Check if Vulnerable:

Check Gemfile.lock or run 'bundle show globalid' to see installed version. If version is < 1.0.1, you are vulnerable.

Check Version:

bundle show globalid

Verify Fix Applied:

After updating, verify 'bundle show globalid' returns version 1.0.1 or higher.
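To automate the version check across many applications, it is easier to read the pinned version straight out of `Gemfile.lock` than to run `bundle show` in each project. The following is an added example (not part of the advisory or the gem) that does exactly that with `Gem::Version` comparison against the 1.0.1 fix release; the lockfile fragment is constructed for the example, and the function names are this example's own.

```ruby
require "rubygems"

# CVE-2023-22799 is fixed in globalid 1.0.1; every earlier release is affected.
FIXED_VERSION = Gem::Version.new("1.0.1")

# Constructed sample Gemfile.lock fragment for this example (not from a real app).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activesupport (7.0.4)
      globalid (1.0.0)
        activesupport (>= 5.0)
      i18n (1.12.0)
LOCK

# Returns the locked globalid version as a Gem::Version, or nil if the gem is
# absent. Only a four-space-indented "globalid (x.y.z)" specs line counts;
# dependency lines under another gem are indented deeper and carry no pin.
def locked_globalid_version(lockfile_text)
  lockfile_text.each_line do |line|
    if (m = line.match(/\A {4}globalid \(([^)]+)\)\s*\z/))
      return Gem::Version.new(m[1])
    end
  end
  nil
end

# True when the lockfile pins a globalid release older than 1.0.1.
def vulnerable_to_cve_2023_22799?(lockfile_text)
  version = locked_globalid_version(lockfile_text)
  return false if version.nil? # gem not used by this application
  version < FIXED_VERSION
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  version = locked_globalid_version(text)
  if version.nil?
    puts "globalid is not in the lockfile"
  else
    status = vulnerable_to_cve_2023_22799?(text) ? "VULNERABLE (< 1.0.1)" : "fixed"
    puts "globalid #{version}: #{status}"
  end
end
```

Run it as `ruby check_globalid.rb path/to/Gemfile.lock`; with no argument it evaluates the constructed sample. Using `Gem::Version` rather than string comparison matters because "1.0.10" sorts after "1.0.1" numerically but not lexically.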

📡 Detection & Monitoring

Log Indicators:

  • Unusually long processing times for requests containing GlobalID parameters
  • CPU spikes correlated with specific request patterns

Network Indicators:

  • Repeated requests with similar but varying GlobalID parameters
  • Abnormal request patterns targeting endpoints using GlobalID

SIEM Query:

source=application_logs AND message="*GlobalID*" AND processing_time > 10s
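The same detection logic can be run directly over application request logs when no SIEM is available. The following is an added example (not from the advisory) that parses key=value request-log lines, flags requests carrying a GID parameter that exceeded the 10 s threshold, and lists source addresses responsible for repeated slow GID requests, which is the "similar but varying parameters" pattern described above. The log format, field names and sample lines are constructed for this example.

```ruby
# Threshold taken from the detection guidance (processing time > 10 s).
SLOW_THRESHOLD_MS = 10_000

# Constructed sample request-log lines (not real traffic). Format assumed:
# "<timestamp> key=value key=value ..." with duration_ms and an optional gid.
SAMPLE_LOGS = <<~LOG
  2023-01-20T10:00:01Z ip=203.0.113.5 path=/locate status=200 duration_ms=12 gid=gid://bcx/Person/5
  2023-01-20T10:00:02Z ip=203.0.113.5 path=/locate status=200 duration_ms=14 gid=gid://bcx/Person/6
  2023-01-20T10:00:05Z ip=198.51.100.9 path=/locate status=200 duration_ms=11842 gid=gid://bcx/Person/00000000000000000000000000000001
  2023-01-20T10:00:19Z ip=198.51.100.9 path=/locate status=200 duration_ms=13097 gid=gid://bcx/Person/00000000000000000000000000000002
  2023-01-20T10:00:20Z ip=192.0.2.7 path=/health status=200 duration_ms=3
LOG

LogEvent = Struct.new(:time, :ip, :path, :duration_ms, :gid)

# Parse one line into a LogEvent; tokens without "=" are ignored.
def parse_line(line)
  fields = line.split
  time = fields.shift
  kv = fields.select { |f| f.include?("=") }.map { |f| f.split("=", 2) }.to_h
  LogEvent.new(time, kv["ip"], kv["path"], kv["duration_ms"].to_i, kv["gid"])
end

# Requests that carried a gid parameter and exceeded the slow threshold.
def slow_gid_requests(log_text)
  log_text.each_line.map(&:strip).reject(&:empty?).map { |l| parse_line(l) }
          .select { |e| e.gid && e.duration_ms > SLOW_THRESHOLD_MS }
end

# Source addresses with at least min_slow slow GID requests, sorted.
def suspect_sources(log_text, min_slow: 2)
  counts = Hash.new(0)
  slow_gid_requests(log_text).each { |e| counts[e.ip] += 1 }
  counts.select { |_ip, n| n >= min_slow }.keys.sort
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOGS
  slow_gid_requests(text).each do |e|
    puts "slow GID request: #{e.time} ip=#{e.ip} path=#{e.path} #{e.duration_ms}ms"
  end
  puts "sources with repeated slow GID requests: #{suspect_sources(text).join(', ')}"
end
```

Feed it a real log file as the first argument; the `min_slow` keyword sets how many slow requests from one address are needed before it is reported, which keeps a single slow query from a legitimate client off the list.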
