CVE-2022-0777: Rate limit missing in microweber

March 2, 2022

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.

References

github.com/advisories/GHSA-7r79-mrp6-8mhq
github.com/microweber/microweber/commit/a3944cf9d1d8c41a48297ddc98302934e2511b0f
huntr.dev/bounties/b36be8cd-544f-42bd-990d-aa1a46df44d7
nvd.nist.gov/vuln/detail/CVE-2022-0777

Detect and mitigate CVE-2022-0777 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →