GHSA-wvr4-w6cw-4px8, CVE-2019-15929
packagist/craftcms/cms
Weak Password Recovery Mechanism for Forgotten Password
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
All versions before 3.1.7
Upgrade to version 3.1.7 or above.
2024-02-02
source |