High severity (8.6) OSV Advisory · Published May 27, 2024 · Updated Apr 15, 2026
CVE-2024-35231
Description
rack-contrib provides contributed Rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service because the user-controlled `profiler_runs` value was not bounded in any way. A remote client could therefore make the server allocate resources without limit, leading to a potential denial of service driven by user-controlled data. Version 2.5.0 contains a patch for the issue.
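As an added illustration of the bug class the description names (this is not rack-contrib's own code, and the cap of 10 runs is an assumed value): a Rack-style middleware that reads `profiler_runs` from the query string, first in the unbounded form and then clamped to a fixed maximum so a single request can no longer dictate how much work the server performs.

```ruby
require 'uri'

# Hypothetical parameter handling modelled on the bug class described above
# (not rack-contrib's code). The number of profiler runs comes from the
# request; in the vulnerable form it is used without any bound.
class ProfilerRunsParam
  DEFAULT_RUNS = 1
  MAX_RUNS     = 10 # assumed cap; the real limit is the project's choice

  # Vulnerable form: whatever the client sends becomes the loop count.
  def self.runs_unbounded(env)
    params = URI.decode_www_form(env['QUERY_STRING'].to_s).to_h
    (params['profiler_runs'] || DEFAULT_RUNS).to_i
  end

  # Hardened form: accept only plain digits and clamp to [1, MAX_RUNS].
  def self.runs_bounded(env)
    params = URI.decode_www_form(env['QUERY_STRING'].to_s).to_h
    raw = params['profiler_runs']
    return DEFAULT_RUNS if raw.nil? || raw.empty?
    return DEFAULT_RUNS unless raw.match?(/\A\d+\z/) # reject "-5", "abc", "1e9"
    raw.to_i.clamp(1, MAX_RUNS)
  end
end

# Middleware using the hardened parser; `app` is the downstream Rack app.
class BoundedProfiler
  def initialize(app)
    @app = app
  end

  def call(env)
    runs = ProfilerRunsParam.runs_bounded(env)
    # Work is repeated at most MAX_RUNS times regardless of the request.
    runs.times { @app.call(env) }
    [200, { 'content-type' => 'text/plain' }, ["profiled #{runs} run(s)\n"]]
  end
end

# Constructed sample request (a minimal Rack env hash) asking for an absurd count.
SAMPLE_ENV = { 'QUERY_STRING' => 'profiler_runs=100000000' }.freeze

# Runs the bounded middleware over the sample request; returns [status, body].
def demo
  app = BoundedProfiler.new(->(_env) { [200, {}, ['ok']] })
  status, _headers, body = app.call(SAMPLE_ENV)
  [status, body.join]
end

if __FILE__ == $PROGRAM_NAME
  puts "unbounded form would loop #{ProfilerRunsParam.runs_unbounded(SAMPLE_ENV)} times"
  puts demo.inspect
end
```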
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rack-contrib (RubyGems) | < 2.5.0 | 2.5.0 |
Affected products
- Range: 0.9.0, 1.0.1, 1.1.0, …
References
- github.com/advisories/GHSA-8c8q-2xw3-j869 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-35231 (GHSA, advisory)
- github.com/rack/rack-contrib/commit/0eec2a9836329051c6742549e65a94a4c24fe6f7 (NVD, web)
- github.com/rack/rack-contrib/security/advisories/GHSA-8c8q-2xw3-j869 (NVD, web)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-contrib/CVE-2024-35231.yml (GHSA, web)