Lookup for vulnerable packages by Package URL.

Purl pkg:gem/encoded_id-rails@1.0.0.beta2
Type gem
Namespace
Name encoded_id-rails
Version 1.0.0.beta2
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-x9fv-1c9p-2bet
vulnerability_id VCID-x9fv-1c9p-2bet
summary
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
The length of URIs and their various parts (e.g. path segments, query parameters) is usually limited by the web server processing the incoming request. In the case of Puma, the defaults are:

- path segment length: 8192
- Max URI length: 1024 * 12
- Max query length: 1024 * 10

See https://github.com/puma/puma/blob/master/docs/compile_options.md

If any of these is too long, Puma raises:
> Puma caught this error: HTTP element REQUEST_PATH is longer than the (8192) allowed length (was 12503) (Puma::HttpParserError)

However, due to the performance of `hashids`, extremely long encoded IDs will consume a large amount of CPU and allocate a huge number of intermediate objects.

For example:
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-0241
reference_id
reference_type
scores
0
value 0.00357
scoring_system epss
scoring_elements 0.58299
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-0241
1
reference_url https://github.com/stevegeek/encoded_id-rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/stevegeek/encoded_id-rails
2
reference_url https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-05T20:45:06Z/
url https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-0241
reference_id CVE-2024-0241
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-0241
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/encoded_id-rails/CVE-2024-0241.yml
reference_id CVE-2024-0241.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/encoded_id-rails/CVE-2024-0241.yml
5
reference_url https://github.com/advisories/GHSA-3px7-jm2p-6h2c
reference_id GHSA-3px7-jm2p-6h2c
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-05T20:45:06Z/
url https://github.com/advisories/GHSA-3px7-jm2p-6h2c
6
reference_url https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c
reference_id GHSA-3px7-jm2p-6h2c
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-05T20:45:06Z/
url https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c
fixed_packages
0
url pkg:gem/encoded_id-rails@1.0.0.beta2
purl pkg:gem/encoded_id-rails@1.0.0.beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/encoded_id-rails@1.0.0.beta2
aliases CVE-2024-0241, GHSA-3px7-jm2p-6h2c, GMS-2023-3722
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9fv-1c9p-2bet
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/encoded_id-rails@1.0.0.beta2