Vulnerability Description
encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Diaconou | Encodedid\ | < 1.0.0, \ |
Related Weaknesses (CWE)
References
- https://github.com/advisories/GHSA-3px7-jm2p-6h2c (Exploit, Third Party Advisory)
- https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc (Patch)
- https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p (Exploit, Vendor Advisory)
- https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c (Third Party Advisory)
FAQ
What is CVE-2024-0241?
CVE-2024-0241 is a vulnerability with a CVSS score of 7.5 (HIGH). encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by send...
How severe is CVE-2024-0241?
CVE-2024-0241 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0241?
Check the references section above for vendor advisories and patch information. Affected products include: Diaconou Encodedid\.