{"id":"CVE-2024-58259","details":"A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. A malicious user can exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).","aliases":["GHSA-4h45-jpvh-6p5j","GO-2025-3923"],"modified":"2026-03-23T05:10:34.151810150Z","published":"2025-09-02T12:15:35.650Z","related":["SUSE-SU-2025:03289-1","openSUSE-SU-2025:15538-1"],"references":[{"type":"ADVISORY","url":"https://github.com/rancher/rancher/security/advisories/GHSA-4h45-jpvh-6p5j"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58259"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58259.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}]}