Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
Vulnerability Description
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data `profiler_runs` was not constrained to any limitation. This would lead to allocating resources on the server side with no limitation and a potential denial of service by remotely user-controlled data. Version 2.5.0 contains a patch for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Contributed Rack Middleware and Utilities 安全漏洞
Vulnerability Description
Contributed Rack Middleware and Utilities是包含各种用于 Rack(一种 Ruby Web 服务器接口)的附加组件。 Contributed Rack Middleware and Utilities 2.5.0之前版本存在安全漏洞,该漏洞源于用户控制的数据不受任何限制,容易受到拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A