Uncontrolled Resource Consumption

What it is

An operation has no upper bound, so a crafted request exhausts CPU, memory or connections (denial of service).

How to fix it

Upgrade, then add limits/timeouts on the affected operation.

How to avoid it

Cap request sizes, set timeouts, and rate-limit expensive operations.

Known Uncontrolled Resource Consumption vulnerabilities

• NPM-EVERYTHING-2024 — medium · npm/everything (+ ~3000 sub-packages) · exploited
• CVE-2021-44228 — critical · Maven/org.ops4j.pax.logging:pax-logging-log4j2 · exploited
• CVE-2021-44228 — critical · Maven/com.guicedee.services:log4j-core · exploited
• CVE-2021-44228 — critical · Maven/org.apache.logging.log4j:log4j-core · exploited
• CVE-2021-44228 — critical · Maven/org.apache.logging.log4j:log4j-core · exploited
• INFRA-MIRAI-2016 — high · IoT/IoT devices (Mirai botnet)

Stateward flags Uncontrolled Resource Consumption in your own code and dependencies on every pull request.

Summarize with AI

ChatGPTClaudePerplexity