
---
gem: sorcery
cve: 2020-11052
ghsa: jc8m-cxhj-668x
url: https://github.com/Sorcery/sorcery/security/advisories/GHSA-jc8m-cxhj-668x
date: 2020-05-07
title: Improper Restriction of Excessive Authentication Attempts in Sorcery
description: |-
  ### Impact
  Brute force vulnerability when using password authentication via Sorcery.
  The brute force protection submodule will block a brute force attack for the
  defined lockout period, but once that period expires, protection will not be
  re-enabled until a user or malicious actor logs in successfully. This does not
  affect users that do not use the built-in brute force protection submodule, nor
  users that use permanent account lockout.

  ### Patches
  Patched as of version `0.15.0`.

  ### Workarounds
  Currently no workarounds, other than monkey patching the authenticate method
  provided by Sorcery or upgrading to version `0.15.0`.

cvss_v3: 8.3

patched_versions:
  - ">= 0.15.0"

Version: bundler-audit-0.7.0.1
Path: data/ruby-advisory-db/gems/sorcery/CVE-2020-11052.yml