rdiffweb is vulnerable to denial of service. The vulnerability is due to the function check_ratelimit
in ratelimit.py
missing a maximum number of requests per hour on sensitive endpoints allowing an attacker to cause an application crash via malicious input.