Lucene search
GoogleOSV:GHSA-R37H-J483-CJJMHistoryJun 01, 2021 - 9:38 p.m.
Improper rate limiting in Koel
2021-06-0121:38:20
Google
osv.dev
8
0.002 Low
EPSS
Percentile
60.6%
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phanan/koel | eq | 3.5.1 | |
| phanan/koel | eq | 5.1.2 | |
| phanan/koel | eq | 2.0.1 | |
| phanan/koel | eq | 5.0.0 | |
| phanan/koel | eq | 4.1.0 | |
| phanan/koel | eq | 3.5.2 | |
| phanan/koel | eq | 4.2.1 | |
| phanan/koel | eq | 3.5.0 | |
| phanan/koel | eq | 3.5.5 | |
| phanan/koel | eq | 4.3.0 |
Related
prion
prion
Default credentials
2021-05-24 23:15:00
nvd
nvd
CVE-2021-33563
2021-05-24 23:15:08
CVE-2021-34064
2023-02-24 16:15:11
github
github
Improper rate limiting in Koel
2021-06-01 21:38:20
cve
cve
CVE-2021-33563
2021-05-24 23:15:08
CVE-2021-34064
2023-02-24 16:15:11
veracode
veracode
Brute Force Attack
2021-05-27 05:55:24
osv
osv
CVE-2021-33563
2021-05-24 23:15:08
cvelist
cvelist
CVE-2021-33563
2021-05-24 22:45:08