Headline
GHSA-4553-hq82-8654: Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references.
Original Description
encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long “id” parameter.
High severity • GitHub Reviewed • Published Jan 4, 2024 to the GitHub Advisory Database • Updated Jan 5, 2024
Withdrawn: This advisory was withdrawn on Jan 5, 2024
Package
encoded_id-rails (RubyGems)
Affected versions
< 1.0.0.beta2
Published by the National Vulnerability Database
Jan 4, 2024
Published to the GitHub Advisory Database
Jan 4, 2024