CVE-2022-28738 log

Severity Unknown
Remote Unknown
Type Arbitrary code execution
double-free in Regexp compilation
Group     Package  Affected  Fixed    Severity  Status  Ticket
AVG-2757  ruby     3.0.3-1   3.0.4-1  High      Fixed
Compiling a Regexp from untrusted input is considered unsafe in general, but this case is still considered a vulnerability. shows the severity as high; the linked reference is not yet public. The ruby-lang post does not state a severity. Why NVD assumes this to be critical is unclear, as they seem to assume it to be remotely exploitable, which suggests the use in a webapp, but that should be a CVE for the webapp instead.