2 matches found
GHSA-6F65-4FV2-WWCH Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy
Summary The NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. Details In packages/core/src/config/auth/native-authentication-strategy.ts, the authenticate method returns immediately if a user is no...
CVE-2026-23849
File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...