Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Password Pusher's rate limiter can be bypassed by forging proxy headers
Vulnerability Description
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. In v1.49.0, a fix was implemented to only authorize proxies on local IPs which resolves this issue. As a workaround, one may add rules to one's proxy and/or firewall to not accept external proxy headers such as `X-Forwarded-*` from clients.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Password Pusher 安全漏洞
Vulnerability Description
Password Pusher是Peter Giacomo Lombardo个人开发者的一个开源应用程序,用于在网络上传递敏感信息。 Password Pusher v1.49.0之前版本存在安全漏洞,该漏洞源于可以通过伪造代理标头来绕过速率限制器,从而允许攻击者向站点发送无限流量,这可能会导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A