SYM_PY_0194 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Uncontrolled Resource Consumption
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-400: Uncontrolled Resource Consumption |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The Django REST framework configuration is missing rate-limiting settings ('DEFAULT_THROTTLE_CLASSES' and 'DEFAULT_THROTTLE_RATES'). Without these, your API endpoints have no protection against excessive requests.
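An added illustration, not part of the database entry: the unthrottled `REST_FRAMEWORK` settings dict next to one with global throttling, plus a small check that reports the missing or inconsistent keys. The rate values are constructed samples; no Django import is needed because only plain dicts are inspected.

```python
# Misconfigured (constructed sample): no DEFAULT_THROTTLE_CLASSES or
# DEFAULT_THROTTLE_RATES, so views without their own throttle_classes
# accept an unlimited request rate.
REST_FRAMEWORK_UNTHROTTLED = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.SessionAuthentication",
    ],
}

# Hardened (constructed sample): global throttles for anonymous and
# authenticated clients. Tune the rates to the API's real traffic.
REST_FRAMEWORK_THROTTLED = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.SessionAuthentication",
    ],
    "DEFAULT_THROTTLE_CLASSES": [
        "rest_framework.throttling.AnonRateThrottle",
        "rest_framework.throttling.UserRateThrottle",
    ],
    "DEFAULT_THROTTLE_RATES": {
        "anon": "100/hour",
        "user": "1000/hour",
    },
}

# Scope name each bundled DRF throttle class looks up in DEFAULT_THROTTLE_RATES.
_SCOPE_FOR_CLASS = {
    "rest_framework.throttling.AnonRateThrottle": "anon",
    "rest_framework.throttling.UserRateThrottle": "user",
}


def throttle_findings(rest_framework):
    """Return the throttling problems found in a REST_FRAMEWORK settings dict.

    An empty list means global rate limiting is configured consistently.
    """
    findings = []
    classes = rest_framework.get("DEFAULT_THROTTLE_CLASSES") or []
    rates = rest_framework.get("DEFAULT_THROTTLE_RATES") or {}
    if not classes:
        findings.append("DEFAULT_THROTTLE_CLASSES is missing or empty")
    if not rates:
        findings.append("DEFAULT_THROTTLE_RATES is missing or empty")
    # A bundled throttle class whose scope has no rate makes DRF raise
    # ImproperlyConfigured on the first throttled request, so flag it too.
    for cls in classes:
        scope = _SCOPE_FOR_CLASS.get(cls)
        if scope is not None and scope not in rates:
            findings.append(f"no rate defined for scope '{scope}' used by {cls}")
    return findings
```

Running `throttle_findings` over a project's `settings.REST_FRAMEWORK` in a CI step catches this misconfiguration before deployment.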
Impact
Attackers can overwhelm your application by sending a high volume of requests, leading to resource exhaustion or Denial of Service (DoS). This can make your API unavailable to legitimate users and may increase infrastructure costs.