exploitDog

CVE-2024-57610

Опубликовано: 06 фев. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users. The Supplier's position is that the Sylius core software is not intended to address brute-force attacks; instead, customers deploying a Sylius-based system are supposed to use "firewalls, rate-limiting middleware, or authentication providers" for that functionality.

Ссылки

https://github.com/Sylius/Sylius
Product
https://github.com/nca785/CVE-2024-57610
Exploit
Third Party Advisory
https://sylius.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sylius:sylius:2.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03369

Низкий

7.5 High

CVSS3

Дефекты

CWE-307

Связанные уязвимости

GHSA-2hjh-495w-hmxc

github

около 1 года назад

Withdrawn Advisory: Sylius allows unrestricted brute-force attacks on user accounts

EPSS

Процентиль: 87%

0.03369

Низкий

7.5 High

CVSS3

Дефекты

CWE-307