Allocation of Resources Without Limits or Throttling in github.com/rancher/rancher/pkg/utils | CVE-2024-58259

Q: How to fix?

Upgrade github.com/rancher/rancher/pkg/utils to version 2.10.9-alpha1, 2.11.5-alpha1, 2.12.1-alpha1 or higher.

Introduced: 29 Aug 2025

NewCVE-2024-58259 (opens in a new tab) CWE-770 (opens in a new tab)

How to fix?

Upgrade github.com/rancher/rancher/pkg/utils to version 2.10.9-alpha1, 2.11.5-alpha1, 2.12.1-alpha1 or higher.

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the request body processing. An attacker can cause the server to crash or become unresponsive by sending excessively large payloads to certain API endpoints, leading to resource exhaustion.

Workaround

This vulnerability can be mitigated by manually setting request body size limits, for example, by configuring the ingress controller (such as nginx-ingress) to restrict request sizes.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
Low
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Allocation of Resources Without Limits or Throttling Affecting github.com/rancher/rancher/pkg/utils package, versions >=2.9.0-alpha1 <2.10.9-alpha1>=2.11.0-alpha1 <2.11.5-alpha1>=2.12.0-alpha1 <2.12.1-alpha1

Severity

Do your applications use this vulnerable package?

Snyk Learn