GHSA-4m7v-wr6v-2mw5

Source
https://github.com/advisories/GHSA-4m7v-wr6v-2mw5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-4m7v-wr6v-2mw5/GHSA-4m7v-wr6v-2mw5.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-4m7v-wr6v-2mw5
Aliases
Published
2023-05-05T03:30:22Z
Modified
2023-11-10T05:36:42.390579Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
AzuraCast missing brute force prevention
Details

The request rate limiting feature on the login page of AzuraCast before version 0.18.3 can be bypassed, which could allow an attacker to brute force login credentials.

Database specific
{
    "nvd_published_at": "2023-05-05T01:15:08Z",
    "cwe_ids": [
        "CWE-307"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-05T22:33:46Z"
}
References

Affected packages

Packagist / azuracast/azuracast

Package

Name
azuracast/azuracast
Purl
pkg:composer/azuracast/azuracast

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.18.3

Affected versions

0.*

0.3.1
0.3.2
0.3.3
0.5.0
0.6.0
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.4.1
0.9.4.2
0.9.5
0.9.5.1
0.9.6
0.9.6.1
0.9.6.2
0.9.6.5
0.9.7
0.9.7.1
0.9.8
0.9.8.1
0.9.9
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.11
0.11.1
0.11.2
0.12
0.12.1
0.12.2
0.12.3
0.12.4
0.13.0
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.17.7
0.18.0
0.18.1
0.18.2