ewe 安全漏洞

ewe is a lightweight web server build package developed by Vladislav Shakitskiy. Versions of ewe 3.0.4 and earlier contained security vulnerabilities, which stemmed from improper handling of the chunk transfer encoding at the end of the transmission. These vulnerabilities could lead to...

CVE-2024-52796 Password Pusher's rate limiter can be bypassed by forging proxy headers

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...