Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CISA Thorium does not rate limit account verification email messages
Vulnerability Description
CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
CISA Thorium 安全漏洞
Vulnerability Description
CISA Thorium是美国网络安全与基础设施安全局(CISA)政府部门的一个高度可扩展的分布式恶意软件分析和数据生成框架。 CISA Thorium 1.1.1之前版本存在安全漏洞,该漏洞源于未对发送账户验证邮件的请求进行速率限制,可能导致远程未经验证的攻击者发送无限消息。
CVSS Information
N/A
Vulnerability Type
N/A