PT-2023-32940 · Unknown · Encoded Id-Rails
Stevegeek · Published 2023-10-24 · Updated 2026-05-14 · CVE-2024-0241
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: encoded id-rails, versions before 1.0.0.beta2
Description: The issue is an uncontrolled resource consumption vulnerability. A remote, unauthenticated attacker can cause a denial of service condition by sending an HTTP request with an extremely long id parameter. Decoding such a value leads to high CPU consumption and the allocation of a large number of intermediate objects, so the application spends a significant amount of time decoding the ID before it can respond.
Recommendations: Upgrade to version 1.0.0.beta2, which introduces a new option to limit the length of IDs that can be decoded, mitigating the vulnerability. As a temporary workaround, consider restricting access to the id parameter in the affected API endpoint until the issue is resolved.

Tags: DoS · Allocation of Resources Without Limits · Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2024-0241
GHSA-3PX7-JM2P-6H2C
GHSA-4553-HQ82-8654

Affected Products

Encoded Id-Rails