{ "schema_version": "1.4.0", "id": "GHSA-4553-hq82-8654", "modified": "2024-01-05T15:25:52Z", "published": "2024-01-04T21:30:24Z", "withdrawn": "2024-01-05T15:25:52Z", "aliases": [], "summary": "Duplicate Advisory: encoded_id-rails potential DoS vulnerability due to URIs with extremely long encoded IDs", "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references.\n\n### Original Description\nencoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote, unauthenticated attacker might cause a denial-of-service condition by sending an HTTP request with an extremely long \"id\" parameter.\n\n", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "affected": [ { "package": { "ecosystem": "RubyGems", "name": "encoded_id-rails" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "database_specific": { "last_known_affected_version_range": "< 1.0.0.beta2" } } ], "references": [ { "type": "WEB", "url": "https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0241" }, { "type": "WEB", "url": "https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3px7-jm2p-6h2c" }, { "type": "WEB", "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c" } ], "database_specific": { "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-01-05T15:25:52Z", "nvd_published_at": "2024-01-04T21:15:09Z" } }