CVE-2023-31606

7.5 HIGH

📋 TL;DR

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the sanitize_html function of the redcloth gem v4.0.0. Attackers can cause denial of service by sending specially crafted HTML payloads that trigger catastrophic backtracking in regular expressions. This affects any application using the vulnerable redcloth gem version.

💻 Affected Systems

Products:
  • redcloth gem
Versions: 4.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using the sanitize_html function from redcloth gem.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service unavailability due to CPU exhaustion, potentially affecting all users of the application.

🟠 Likely Case: Degraded performance or temporary service disruption for affected endpoints processing malicious input.

🟢 If Mitigated: Minimal impact with proper input validation and rate limiting in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted HTML payloads to endpoints using the vulnerable function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.1

Vendor Advisory: https://github.com/jgarber/redcloth/issues/73

Restart Required: Yes

Instructions:

1. Update the Gemfile to specify 'gem "redcloth", ">= 4.0.1"'
2. Run 'bundle update redcloth'
3. Restart the application server

🔧 Temporary Workarounds

Input validation and sanitization (applies to: all)

Implement additional input validation to reject suspicious HTML patterns before input reaches the sanitize_html function.

Rate limiting (applies to: all)

Implement rate limiting on endpoints using redcloth to prevent repeated exploitation attempts.

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block suspicious HTML patterns
  • Disable or restrict endpoints using redcloth sanitize_html function

🔍 How to Verify

Check if Vulnerable:

Check Gemfile.lock or run 'bundle show redcloth' to see if version 4.0.0 is installed.

Check Version:

bundle show redcloth

Verify Fix Applied:

Verify redcloth version is 4.0.1 or higher using 'bundle show redcloth' or checking Gemfile.lock.
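The version check above, as an added example that is not part of this advisory: a small Ruby script that parses a Gemfile.lock and reports whether the locked redcloth version is below the 4.0.1 fix. It assumes the gem appears in the lockfile's specs block as "redcloth" or "RedCloth" (matched case-insensitively); the sample lockfile is constructed.

```ruby
# Added example: report whether Gemfile.lock pins a redcloth version below the
# 4.0.1 fix named in the advisory. Uses only the Ruby standard library.
require "rubygems"   # Gem::Version handles semantic comparison (4.0.0 < 4.0.1)

FIXED_VERSION = Gem::Version.new("4.0.1")

# Parse every "specs:" block of a Gemfile.lock into {gem_name => Gem::Version}.
# Gem lines sit at 4 spaces of indent as "name (x.y.z)"; deeper-indented lines
# are dependency constraints and are skipped. A non-indented line (GEM,
# PLATFORMS, DEPENDENCIES, ...) closes the current specs block.
def parse_lock_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /\A\s*specs:\s*\z/
      in_specs = true
      next
    end
    in_specs = false if in_specs && line =~ /\A\S/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      # "1.2.3-x86_64-linux" style platform suffixes are dropped before parsing
      specs[m[1]] = Gem::Version.new(m[2].split("-").first)
    end
  end
  specs
end

# :vulnerable if redcloth is locked below 4.0.1, :fixed if at/above, :absent if unused.
def redcloth_status(lock_text)
  specs = parse_lock_specs(lock_text)
  name = specs.keys.find { |k| k.casecmp?("redcloth") }   # assumption: either spelling
  return :absent unless name
  specs[name] >= FIXED_VERSION ? :fixed : :vulnerable
end

SAMPLE_LOCK = <<~LOCK   # constructed sample lockfile, not from a real project
  GEM
    remote: https://rubygems.org/
    specs:
      RedCloth (4.0.0)
      rake (13.0.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    RedCloth
    rake
LOCK

if __FILE__ == $0
  path = ARGV[0] || "Gemfile.lock"
  text = File.exist?(path) ? File.read(path) : SAMPLE_LOCK
  puts "#{path}: redcloth is #{redcloth_status(text)}"
end
```

Run it from the application root (or pass a lockfile path) to get a single `:vulnerable` / `:fixed` / `:absent` verdict.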

📡 Detection & Monitoring

Log Indicators:

  • Unusually long processing times for HTML input
  • High CPU usage spikes
  • Requests with complex HTML patterns

Network Indicators:

  • Repeated requests with similar HTML payloads
  • Traffic patterns suggesting DoS attempts

SIEM Query:

source=application_logs AND (message="*redcloth*" OR message="*sanitize_html*") AND duration>5000ms
