CVE-2024-35231
📋 TL;DR
CVE-2024-35231 is a denial-of-service vulnerability in the profiling middleware (Rack::Profiler) shipped with rack-contrib for Ruby web applications. An attacker can send requests with a malicious profiler_runs parameter to trigger uncontrolled resource allocation, potentially crashing the server. All applications that load the vulnerable rack-contrib middleware are affected.
💻 Affected Systems
- rack-contrib
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to server resource exhaustion, potentially requiring manual intervention to restore service.
Likely Case
Degraded performance or temporary service disruption affecting application availability.
If Mitigated
Minimal impact with proper input validation and resource limits in place.
🎯 Exploit Status
Exploitation requires sending specially crafted HTTP requests with malicious profiler_runs parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.5.0
Vendor Advisory: https://github.com/rack/rack-contrib/security/advisories/GHSA-8c8q-2xw3-j869
Restart Required: Yes
Instructions:
1. Update the Gemfile to specify 'rack-contrib', '>= 2.5.0'.
2. Run 'bundle update rack-contrib'.
3. Restart the Ruby application server.
🔧 Temporary Workarounds
Disable profiling middleware
Applies to: all
Remove or disable the rack-contrib profiling middleware in the application configuration
Remove 'use Rack::Profiler' or similar lines from config.ru or application initialization
Input validation middleware
Applies to: all
Add middleware to validate and limit profiler_runs parameter values
Add custom middleware before rack-contrib to sanitize the profiler_runs parameter
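The following is an added example of such a guard middleware, written for this page and not code from rack-contrib or its advisory. It inspects only the query string (an assumption; the profiler may also read form parameters), rejects any request whose profiler_runs value is not a small positive integer, and treats MAX_RUNS as an assumed cap to be tuned locally.

```ruby
require 'uri'

# Added example, not rack-contrib's own code: a Rack middleware mounted in
# front of Rack::Profiler that refuses requests carrying an unsafe
# profiler_runs value. Only QUERY_STRING is inspected (assumption);
# MAX_RUNS is an assumed cap, not a value taken from the advisory.
class ProfilerRunsGuard
  PARAM    = 'profiler_runs'.freeze
  MAX_RUNS = 10

  def initialize(app, max_runs: MAX_RUNS)
    @app = app
    @max_runs = max_runs
  end

  def call(env)
    values = ProfilerRunsGuard.extract_runs(env['QUERY_STRING'].to_s)
    # Every occurrence must be valid: Rack keeps the last duplicate, so
    # "profiler_runs=1&profiler_runs=999999" would otherwise slip through.
    if values.all? { |v| ProfilerRunsGuard.valid_runs?(v, @max_runs) }
      @app.call(env)
    else
      [400, { 'content-type' => 'text/plain' }, ["rejected: invalid #{PARAM}\n"]]
    end
  end

  # All values supplied for profiler_runs, in order, from a raw query string.
  def self.extract_runs(query_string)
    URI.decode_www_form(query_string).select { |k, _| k == PARAM }.map(&:last)
  rescue ArgumentError
    # Undecodable (e.g. non-ASCII) query string: yield a bogus value so the
    # request is refused rather than passed through unchecked.
    ['']
  end

  # Accept only a plain base-10 integer in 1..max_runs: no sign, whitespace,
  # exponent or leading zeros that String#to_i would silently coerce.
  def self.valid_runs?(value, max_runs = MAX_RUNS)
    value.is_a?(String) && value.match?(/\A[1-9]\d{0,3}\z/) && value.to_i <= max_runs
  end
end
```

Mount it in config.ru with `use ProfilerRunsGuard` above the `use Rack::Profiler` line so it runs first; requests without profiler_runs pass through untouched.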
🧯 If You Can't Patch
- Implement rate limiting and request filtering at the web server or load balancer level
- Deploy web application firewall rules to block requests with excessive profiler_runs values
🔍 How to Verify
Check if Vulnerable:
Check Gemfile.lock or run 'bundle show rack-contrib' to see installed version
Check Version:
bundle show rack-contrib | grep -o 'rack-contrib.*'
Verify Fix Applied:
Confirm version is 2.5.0 or higher with 'bundle show rack-contrib'
📡 Detection & Monitoring
Log Indicators:
- Unusually high memory or CPU usage patterns
- Requests with profiler_runs parameter containing large values
- Application crashes or restarts
Network Indicators:
- HTTP requests containing profiler_runs parameter with numeric values exceeding normal range
SIEM Query:
source="application.logs" AND ("profiler_runs" AND (value>1000 OR value<0))
🔗 References
- https://github.com/rack/rack-contrib/commit/0eec2a9836329051c6742549e65a94a4c24fe6f7
- https://github.com/rack/rack-contrib/security/advisories/GHSA-8c8q-2xw3-j869