Advisories for Gem/Rack-Contrib package

2024

rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter

The next ruby code is vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not contrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). runs = (request.params['profiler_runs'] || @times).to_i result = @profile.profile do runs.times { @app.call(env) } end An exploit as such curl –fail "http://127.0.0.1:9292/?profiler_runs=9999999999&profile=process_time" may cause resource exhaution by a remotely controlled value.