Описание
CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes.
Ссылки
- Patch
- Release Notes
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cisa:thorium:1.1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00152
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-400
Связанные уязвимости
CVSS3: 5.3
github
5 месяцев назад
CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes.
EPSS
Процентиль: 36%
0.00152
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-400