GHSA-h6r2-pgvx-683c

Suggest an improvement
Source
https://github.com/advisories/GHSA-h6r2-pgvx-683c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h6r2-pgvx-683c/GHSA-h6r2-pgvx-683c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-h6r2-pgvx-683c
Aliases
Published
2022-05-24T19:11:15Z
Modified
2024-05-01T17:12:32.389029Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Lin-CMS-Flask vulnerable to Improper Authentication
Details

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component app/api/cms/user.py.

References

Affected packages

PyPI / lin-cms

Package

Affected ranges

Affected versions

0.*

0.1.1