Description
None of the API endpoints have rate limiting. An attacker can send unlimited requests to any endpoint, potentially causing resource exhaustion or abuse of the service.
This is especially concerning for write endpoints (PUT, DELETE) which modify state, and for the in-memory database backend where unlimited writes lead to unbounded memory growth.
Severity
Low
Suggested Fix
Consider adding rate limiting middleware via tower::limit::RateLimitLayer or a similar mechanism.
Description
None of the API endpoints have rate limiting. An attacker can send unlimited requests to any endpoint, potentially causing resource exhaustion or abuse of the service.
This is especially concerning for write endpoints (
PUT,DELETE) which modify state, and for the in-memory database backend where unlimited writes lead to unbounded memory growth.Severity
Low
Suggested Fix
Consider adding rate limiting middleware via
tower::limit::RateLimitLayeror a similar mechanism.