{"id":"CVE-2023-22796","details":"A regular expression based DoS vulnerability in Active Support \u003c6.1.7.1 and \u003c7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.","aliases":["GHSA-j6gc-792m-qgm2"],"modified":"2026-03-15T22:45:49.283186Z","published":"2023-02-09T20:15:11.487Z","related":["SUSE-SU-2023:0275-1","SUSE-SU-2023:0612-1","openSUSE-SU-2024:12767-1","openSUSE-SU-2024:14071-1","openSUSE-SU-2025:15114-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5372"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240202-0009/"},{"type":"FIX","url":"https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"6.1.7.1"}]},{"events":[{"introduced":"7.0.0"},{"fixed":"7.0.4.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22796.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}