PYSEC-2021-339

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/lin-cms/PYSEC-2021-339.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-339

Aliases

Published

2021-08-16T18:15:00Z

Modified

2025-10-09T07:29:16.973313Z

Summary

[none]

Details

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'.

References

https://github.com/TaleLin/lin-cms-flask/issues/27

Affected packages

PyPI / lin-cms

Package

Name: lin-cms; View open source insights on deps.dev
Purl: pkg:pypi/lin-cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.1.1a1

0.1.1a2

0.1.1a3

0.1.1a4

0.1.1a5

0.1.1a6

0.1.1a7

0.1.1a8

0.1.1b1

0.1.1b2

0.1.1b3

0.1.1b4

0.2.0b1

0.2.0b2

0.2.0b3

0.3.0a2

0.3.0a3

0.3.0a4

0.3.0a5

0.3.0a6

0.3.0a7

0.3.0a8

0.3.0a9

0.3.0a10

0.3.1

0.4.0

0.4.2

0.4.3

0.4.4

0.4.5

0.4.6

0.4.7

0.4.8

0.4.9

0.4.10

0.4.11

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/lin-cms/PYSEC-2021-339.yaml"