High severity (8.2) · GHSA Advisory · Published Sep 2, 2025 · Updated Apr 15, 2026
CVE-2024-58259
Description
A vulnerability has been identified in Rancher Manager: it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. A malicious user can exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/rancher/rancher (Go) | >= 2.12.0, < 2.12.1 | 2.12.1 |
| github.com/rancher/rancher (Go) | >= 2.11.0, < 2.11.5 | 2.11.5 |
| github.com/rancher/rancher (Go) | >= 2.10.0, < 2.10.9 | 2.10.9 |
| github.com/rancher/rancher (Go) | >= 2.9.0, < 2.9.11 | 2.9.11 |
| github.com/rancher/rancher (Go) | < 0.0.0-20250813072957-aee95d4e2a41 | 0.0.0-20250813072957-aee95d4e2a41 |
Affected products
- ghsa-coords (4 versions): >= 2.12.0, < 2.12.1 (+ 3 more)
  - pkg:golang/github.com/rancher/rancher
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
- (no CPE) range: >= 2.12.0, < 2.12.1
- (no CPE) range: < 0.0.20250918T182144-150000.1.107.1
- (no CPE) range: < 0.0.20250908T141310-1.1
- (no CPE) range: < 0.0.20250918T182144-150000.1.107.1
References
- github.com/advisories/GHSA-4h45-jpvh-6p5j (ghsa, ADVISORY)
- github.com/rancher/rancher/commit/aee95d4e2a41ba2df6f88c9634d4fe1f42dee4d9 (ghsa, WEB)
- github.com/rancher/rancher/releases/tag/v2.10.9 (ghsa, WEB)
- github.com/rancher/rancher/releases/tag/v2.11.5 (ghsa, WEB)
- github.com/rancher/rancher/releases/tag/v2.12.1 (ghsa, WEB)
- github.com/rancher/rancher/releases/tag/v2.9.11 (ghsa, WEB)
- github.com/rancher/rancher/security/advisories/GHSA-4h45-jpvh-6p5j (nvd, WEB)
- bugzilla.suse.com/show_bug.cgi (nvd)