CVE-2024-52796
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-52796
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52796.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-52796
- Aliases
- Published
- 2024-11-20T17:15:20Z
- Modified
- 2025-05-24T03:40:33.127870Z
- Summary
- [none]
- Details
-
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. In v1.49.0, a fix was implemented to only authorize proxies on local IPs which resolves this issue. As a workaround, one may add rules to one's proxy and/or firewall to not accept external proxy headers such as
X-Forwarded-*from clients. - References
Affected packages
Git / github.com/pglombardo/passwordpusher
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pglombardo/passwordpusher
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
release
v1.*
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.11.0
v1.11.1
v1.11.10
v1.11.11
v1.11.12
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.11.8
v1.11.8.1
v1.11.9
v1.12.0
v1.13.0
v1.14.0
v1.14.1
v1.14.2
v1.14.3
v1.15.0
v1.15.1
v1.16.0
v1.16.1
v1.17.0
v1.17.1
v1.17.10
v1.17.11
v1.17.12
v1.17.13
v1.17.14
v1.17.15
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.17.8
v1.17.9
v1.18.0
v1.19.0
v1.19.1
v1.20.0
v1.20.1
v1.20.2
v1.20.3
v1.20.4
v1.20.5
v1.20.6
v1.20.7
v1.21.0
v1.22.0
v1.22.1
v1.22.2
v1.22.3
v1.23.0
v1.23.1
v1.23.10
v1.23.2
v1.23.3
v1.23.4
v1.23.5
v1.23.6
v1.23.7
v1.23.8
v1.23.9
v1.24.0
v1.24.1
v1.24.2
v1.24.3
v1.24.4
v1.24.5
v1.24.6
v1.24.7
v1.24.8
v1.25.0
v1.25.1
v1.25.2
v1.25.3
v1.25.4
v1.25.5
v1.25.6
v1.25.7
v1.25.8
v1.26.0
v1.26.1
v1.26.10
v1.26.11
v1.26.12
v1.26.13
v1.26.14
v1.26.15
v1.26.16
v1.26.17
v1.26.18
v1.26.2
v1.26.3
v1.26.4
v1.26.5
v1.26.6
v1.26.7
v1.26.8
v1.26.9
v1.27.0
v1.28.0
v1.28.1
v1.28.10
v1.28.11
v1.28.12
v1.28.13
v1.28.14
v1.28.2
v1.28.2.rc1
v1.28.2.rc2
v1.28.3
v1.28.4
v1.28.5
v1.28.6
v1.28.7
v1.28.8
v1.28.9
v1.29.0
v1.29.1
v1.29.2
v1.29.3
v1.30.0
v1.30.1
v1.30.10
v1.30.11
v1.30.12
v1.30.13
v1.30.2
v1.30.3
v1.30.4
v1.30.5
v1.30.6
v1.30.7
v1.30.8
v1.30.9
v1.31.0
v1.31.1
v1.31.2
v1.31.3
v1.31.4
v1.31.5
v1.31.6
v1.31.7
v1.31.8
v1.32.0
v1.32.1
v1.32.2
v1.32.3
v1.32.4
v1.32.5
v1.32.6
v1.32.7
v1.32.8
v1.32.9
v1.33.0
v1.34.0
v1.34.1
v1.34.2
v1.34.3
v1.34.4
v1.34.5
v1.35.0
v1.35.1
v1.35.2
v1.36.0
v1.36.1
v1.36.2
v1.36.3
v1.36.4
v1.36.5
v1.36.6
v1.36.7
v1.36.8
v1.36.9
v1.37.0
v1.37.1
v1.37.10
v1.37.11
v1.37.12
v1.37.2
v1.37.3
v1.37.4
v1.37.5
v1.37.6
v1.37.7
v1.37.8
v1.37.9
v1.38.0
v1.38.1
v1.39.0
v1.39.1
v1.39.2
v1.39.3
v1.39.4
v1.39.5
v1.39.6
v1.39.7
v1.39.8
v1.39.9
v1.40.0
v1.40.1
v1.40.10
v1.40.11
v1.40.12
v1.40.13
v1.40.14
v1.40.15
v1.40.2
v1.40.3
v1.40.4
v1.40.5
v1.40.6
v1.40.7
v1.40.8
v1.40.9
v1.41.0
v1.41.1
v1.41.10
v1.41.11
v1.41.12
v1.41.13
v1.41.14
v1.41.15
v1.41.2
v1.41.3
v1.41.4
v1.41.5
v1.41.6
v1.41.7
v1.41.8
v1.41.9
v1.42.0
v1.42.1
v1.42.2
v1.43.0
v1.43.1
v1.44.0
v1.45.0
v1.45.1
v1.45.10
v1.45.11
v1.45.2
v1.45.3
v1.45.4
v1.45.5
v1.45.6
v1.45.7
v1.45.8
v1.45.9
v1.46.0
v1.46.1
v1.46.2
v1.46.3
v1.47.0
v1.47.1
v1.47.2
v1.47.3
v1.47.4
v1.48.0
v1.48.1
v1.48.2
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v1.9.1