Fluid Attacks Database

Description

rdiffweb has no rate limit on resend email feature rdiffweb prior to 2.5.5 has no rate limit on the "resend email feature" while enable or disable 2FA from /prefs/mfa endpoint .

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	>=0 <2.5.5	2.5.5

Aliases

1. CVE-2022-47232. NVD-2022-47233. OSV-2022-47234. GCVE-2022-4723

References

1. https://github.com/ikus060/rdiffweb/commit/6e9ee210548f6d3210704cac302cfc7cdb2397652. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43009.yaml3. https://huntr.dev/bounties/9369681b-8bfc-4146-a54c-c5108442d92c

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.