CVE-2024-0241

encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long “id” parameter.

More information: https://github.com/advisories/GHSA-3px7-jm2p-6h2c

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Base score: 7.5
Base severity: HIGH
Exploitability score: 3.9
Impact score: 3.6