Skip to content

Missing rate limit on rdiffweb

Moderate severity GitHub Reviewed Published Oct 14, 2022 to the GitHub Advisory Database • Updated Nov 22, 2024

Package

pip rdiffweb (pip)

Affected versions

< 2.5.0

Patched versions

2.5.0

Description

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.

References

Published by the National Vulnerability Database Oct 13, 2022
Published to the GitHub Advisory Database Oct 14, 2022
Reviewed Oct 14, 2022
Last updated Nov 22, 2024

Severity

Moderate

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(29th percentile)

Weaknesses

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. Learn more on MITRE.

CVE ID

CVE-2022-3456

GHSA ID

GHSA-92gf-p376-6r9r

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.