CVE-2024-35231
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
In short
rack-contrib versions before 2.5.0 allow attackers to cause a denial of service by sending requests with extremely large values in the 'profiler_runs' parameter, forcing the server to allocate unlimited memory and CPU resources.
Technical detail
The vulnerability exists in the profiler middleware, which accepts the user-controlled 'profiler_runs' parameter without validation or limits (CWE-770: Allocation of Resources Without Limits or Throttling). An unauthenticated remote attacker can send requests with arbitrarily large values to exhaust server resources, resulting in DoS. Fixed in version 2.5.0 with proper input validation.
Summary generated and translated by AI from the official description.
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service because the user-controlled data `profiler_runs` was not constrained by any limit. This leads to allocating resources on the server side without limitation and a potential denial of service driven by remotely user-controlled data. Version 2.5.0 contains a patch for the issue.
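The CWE-770 pattern described above and the mitigation in the fixed version, shown as an added example that is not rack-contrib's own code: a minimal profiler-style middleware that reads `profiler_runs` from the query string, once without a bound and once clamped to a server-side ceiling. The constant `MAX_PROFILER_RUNS`, its value, the `BoundedProfiler` class and the sample requests are assumptions constructed for illustration.

```ruby
# Added example, not rack-contrib's code. MAX_PROFILER_RUNS is an assumed cap.
require 'uri'

MAX_PROFILER_RUNS = 10 # assumed ceiling; set to what your profiler can afford

# Read one query parameter from the Rack-style env hash (env['QUERY_STRING']).
def query_param(env, name)
  URI.decode_www_form(env['QUERY_STRING'].to_s).to_h[name]
end

# Unconstrained (the CWE-770 pattern): the client's value becomes the loop
# bound, so a very large value means unbounded CPU and memory on the server.
def unconstrained_runs(env)
  (query_param(env, 'profiler_runs') || 1).to_i
end

# Constrained: treat missing or non-numeric input as the default, then clamp to
# a server-side ceiling so the work an attacker can trigger is bounded.
def constrained_runs(env, max = MAX_PROFILER_RUNS)
  raw = query_param(env, 'profiler_runs')
  return 1 if raw.nil? || raw.empty?

  runs = Integer(raw, 10) rescue 1 # non-numeric -> default run count
  runs.clamp(1, max)
end

# Minimal middleware showing where the bound belongs: before any loop that
# allocates per run. Constructed for this example.
class BoundedProfiler
  def initialize(app, max_runs: MAX_PROFILER_RUNS)
    @app = app
    @max_runs = max_runs
  end

  def call(env)
    runs = constrained_runs(env, @max_runs)
    results = Array.new(runs) { @app.call(env) } # at most @max_runs calls
    results.last
  end
end

# Constructed sample requests, not captured traffic.
ENV_HUGE = { 'QUERY_STRING' => 'profiler_runs=99999999999' }
ENV_NONE = { 'QUERY_STRING' => '' }
ENV_JUNK = { 'QUERY_STRING' => 'profiler_runs=abc' }
```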
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected products
rack · rack-contrib