rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data `profiler_runs` was not constrained to any limitation. This would lead to allocating resources on the server side with no limitation and a potential denial of service by remotely user-controlled data. Version 2.5.0 contains a patch for the issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-27T16:40:08.678Z
Updated: 2024-08-02T03:07:46.936Z
Reserved: 2024-05-14T15:39:41.785Z
Link: CVE-2024-35231
Vulnrichment
Updated: 2024-05-28T16:20:54.480Z
NVD
Status : Awaiting Analysis
Published: 2024-05-27T17:15:09.760
Modified: 2024-11-21T09:19:59.130
Link: CVE-2024-35231
Redhat
No data.