Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/ https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
Upstream Commit: https://github.com/SpiderLabs/ModSecurity/commit/ab5658f2d4cfa5126db256cf3f9dcb299982366d
Created mod_security3 tracking bugs for this issue: Affects: fedora-all [bug 2227131]
Statement: ModSecurity v2.x is not affected. CVE-2023-38285 only affects ModSecurity v3.x releases. None of our products ships ModSecurity v3.x builds. Hence, Red Hat Enterprise Linux, Red Hat Software Collections and Red Hat JBoss Core Services are not affected by this CVE.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-38285