GHSA-gv85-wgxc-vc56

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

web2py is vulnerable to password brute-force attack

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.

Ссылки

Пакеты

Наименование

web2py

pip

Затронутые версииВерсия исправления

< 2.14.6

2.14.6

EPSS

Процентиль: 64%

0.00468

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2016-10321

Дефекты

CWE-307

Связанные уязвимости

CVE-2016-10321

CVSS3: 9.8

ubuntu

почти 9 лет назад

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.

CVE-2016-10321

CVSS3: 9.8

nvd

почти 9 лет назад

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.

CVE-2016-10321

CVSS3: 9.8

debian

почти 9 лет назад

web2py before 2.14.6 does not properly check if a host is denied befor ...

EPSS

Процентиль: 64%

0.00468

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2016-10321

Дефекты

CWE-307