web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.
{ "binaries": [ { "binary_name": "python-gluon", "binary_version": "2.12.3-1ubuntu0.1" }, { "binary_name": "python-web2py", "binary_version": "2.12.3-1ubuntu0.1" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }