GHSA-4m7v-wr6v-2mw5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4m7v-wr6v-2mw5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-4m7v-wr6v-2mw5/GHSA-4m7v-wr6v-2mw5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4m7v-wr6v-2mw5
- Aliases
- Published
- 2023-05-05T03:30:22Z
- Modified
- 2024-02-16T08:02:33.996728Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- AzuraCast missing brute force prevention
- Details
-
The request rate limiting feature on the login page of AzuraCast before version 0.18.3 can be bypassed, which could allow an attacker to brute force login credentials.
- Database specific
{ "github_reviewed": true, "severity": "CRITICAL", "cwe_ids": [ "CWE-307" ], "nvd_published_at": "2023-05-05T01:15:08Z", "github_reviewed_at": "2023-05-05T22:33:46Z" }- References
Affected packages
Packagist / azuracast/azuracast
Package
- Name
- azuracast/azuracast
- Purl
- pkg:composer/azuracast/azuracast
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.18.3
Affected versions
0.*
0.3.1
0.3.2
0.3.3
0.5.0
0.6.0
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.4.1
0.9.4.2
0.9.5
0.9.5.1
0.9.6
0.9.6.1
0.9.6.2
0.9.6.5
0.9.7
0.9.7.1
0.9.8
0.9.8.1
0.9.9
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.11
0.11.1
0.11.2
0.12
0.12.1
0.12.2
0.12.3
0.12.4
0.13.0
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.17.7
0.18.0
0.18.1
0.18.2