
We found results for “”
CVE-2024-58259
Good to know:

Date: September 2, 2025
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).
Severity Score
Related Resources (10)
Severity Score
Weakness Type (CWE)
Allocation of Resources Without Limits or Throttling
CWE-770Top Fix

Upgrade Version
Upgrade to version github.com/rancher/rancher - v2.12.1;github.com/rancher/rancher - v2.11.5;github.com/rancher/rancher - v2.10.9;github.com/rancher/rancher - v2.9.11;github.com/rancher/rancher - v0.0.0-20250813072957-aee95d4e2a41;https://github.com/rancher/rancher.git - v2.9.12;https://github.com/rancher/rancher.git - v2.10.9;https://github.com/rancher/rancher.git - v2.11.5;https://github.com/rancher/rancher.git - v2.12.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | HIGH |