PT-2024-26396 · CVSS 8.6 · 2024-05-27
Unknown · Rack-Contrib · CVE-2024-35231
**Name of the Vulnerable Software and Affected Versions**
rack-contrib versions prior to 2.5.0

**Description**
A denial-of-service vulnerability caused by the lack of constraints on the user-controlled `profiler runs` value. Because this value is never bounded, a remote client can make the server allocate resources without limit, which may lead to a denial of service.

**Recommendations**
For versions prior to 2.5.0, update to version 2.5.0 or later, which contains a patch for the issue. As a temporary workaround, restrict access to the `Rack::Profiler` middleware to minimize the risk of exploitation, and avoid using the `profiler runs` parameter on the affected endpoint until the issue is resolved.
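The pattern behind the advisory, as an added illustration that is not rack-contrib's own code: a pure-Ruby stand-in for a Rack middleware (no rack gem needed) that reads the run count from the query string, shown unbounded and then clamped. It assumes the parameter is named `profiler_runs` (the advisory renders it with a space) and uses an arbitrary cap of 10.

```ruby
# Added example, not rack-contrib's code. Assumptions: the run count arrives as the
# `profiler_runs` query parameter; MAX_PROFILER_RUNS is an arbitrary cap chosen here.
require 'cgi'

MAX_PROFILER_RUNS = 10

# Parse the query string into a flat Hash, the way a Rack request exposes params.
def query_params(env)
  CGI.parse(env['QUERY_STRING'].to_s).transform_values(&:first)
end

# Unbounded pattern (the defect the advisory describes): the client-supplied
# integer becomes the number of profiling passes, however large it is.
def unbounded_runs(params)
  (params['profiler_runs'] || 1).to_i
end

# Bounded pattern: clamp to [1, max]; missing, negative or non-numeric input is 1.
def bounded_runs(params, max: MAX_PROFILER_RUNS)
  runs = params['profiler_runs'].to_i
  runs = 1 if runs < 1
  [runs, max].min
end

# Minimal middleware: invoke the wrapped app `runs` times (standing in for the
# repeated profiling passes) and expose the count in a header so it is observable.
class BoundedProfiler
  def initialize(app, max: MAX_PROFILER_RUNS)
    @app, @max = app, max
  end

  def call(env)
    runs = bounded_runs(query_params(env), max: @max)
    status = headers = body = nil
    runs.times { status, headers, body = @app.call(env) }
    [status, headers.merge('x-profiler-runs' => runs.to_s), body]
  end
end

# Constructed sample request: a client asking for one billion profiling passes.
SAMPLE_ENV = { 'QUERY_STRING' => 'profiler_runs=1000000000' }

if __FILE__ == $0
  app = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }
  status, headers, = BoundedProfiler.new(app).call(SAMPLE_ENV)
  puts "#{status} runs=#{headers['x-profiler-runs']}" # prints "200 runs=10"
end
```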