Security
Headlines

Headlines Latest CVEs

Headline

GHSA-4553-hq82-8654: Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references.

Original Description

encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long “id” parameter.

10 months ago

#vulnerability #dos #git #auth #ruby

GitHub Advisory Database
GitHub Reviewed
GHSA-4553-hq82-8654

Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs

High severity GitHub Reviewed Published Jan 4, 2024 to the GitHub Advisory Database • Updated Jan 5, 2024

Withdrawn This advisory was withdrawn on Jan 5, 2024

Package

bundler encoded_id-rails (RubyGems)

Affected versions

< 1.0.0.beta2

Published by the National Vulnerability Database

Jan 4, 2024

Published to the GitHub Advisory Database

Jan 4, 2024

ghsa: Latest News

GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames

9 hours ago

GHSA-c2f5-jxjv-2hh8: Wasmtime doesn't fully sandbox all the Windows device filenames

9 hours ago

GHSA-4cf2-cxp3-rjr7: HAPI FHIR XML External Entity (XXE) vulnerability

13 hours ago

GHSA-v2qh-f584-6hj8: @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

13 hours ago

GHSA-5wmg-9cvh-qw25: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

13 hours ago