
4 matches found

OSV
added 2024/11/20 6:24 p.m., 13 views

GHSA-FFP2-8P2H-4M5J Password Pusher rate limiter can be bypassed by forging proxy headers

Impact: Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers, allowing bad actors to send unlimited traffic to the site, potentially causing a denial of service. Additionally, with the ability to bypass rate...

CVSS 6.9, AI score 5.4, EPSS 0.00522
Exploits: 0, References: 6
CVE
added 2024/11/20 4:15 p.m., 50 views

CVE-2024-52796

CVE-2024-52796 affects Password Pusher (open source web app). In versions before v1.49.0, the configurable rate limiter could be bypassed by forging proxy headers, allowing an attacker to send unlimited traffic and potentially cause a denial of service. The fix in v1.49.0 restricts proxy authoriz...

CVSS 5.3, AI score 5.1, EPSS 0.00522
Exploits: 0, References: 3
Cvelist
added 2024/11/20 4:15 p.m., 23 views

CVE-2024-52796 Password Pusher's rate limiter can be bypassed by forging proxy headers

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers, allowing bad actors to send unlimited traffic to the site potentially...

CVSS 5.3, EPSS 0.00522
Exploits: 0, References: 3
RubySec
added 2024/11/20 12:0 a.m., 41 views

Password Pusher rate limiter can be bypassed by forging proxy headers

Impact: Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers, allowing bad actors to send unlimited traffic to the site, potentially causing a denial of service. Patches: In v1.49.0, a fix was implemented to...

CVSS 5.3, AI score 6.6, EPSS 0.00522
Exploits: 0, References: 1, Affected Software: 1