express-brute-redis@0.0.1

Vulnerabilities

1 via 1 paths

Dependencies

9

Source

npm


medium severity

Rate Limiting Bypass

  • Vulnerable module: express-brute
  • Introduced through: express-brute@0.4.2

Detailed paths

  • Introduced through: express-brute-redis@0.0.1 > express-brute@0.4.2

Overview

express-brute is a brute-force protection middleware for Express routes. It rate-limits incoming requests by increasing the delay imposed on each successive request in a Fibonacci-like sequence.

Affected versions of this package are vulnerable to Rate Limiting Bypass: the module counts the requests it has seen incorrectly, so the delay it applies does not reflect the real number of attempts, and an attacker can send more attempts than the limiter is meant to allow.
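The advisory does not say how express-brute miscounts, and the example below does not claim to reproduce that defect. It is an added illustration, not express-brute or express-brute-redis code, of one common way a request counter backed by a store such as Redis ends up wrong: a limiter that reads the count, compares it, and then writes count+1 lets concurrent requests all observe the same stale value and all pass, whereas a limiter built on an atomic increment (the Redis INCR pattern) cannot be raced. `FakeStore`, the key name and the limits are hypothetical stand-ins chosen for the demonstration.

```javascript
// Added example: a racy read-then-write request counter next to an atomic one.
// Illustrative code only; not the express-brute or express-brute-redis source,
// and not a claim about the exact miscount in express-brute@0.4.2.

// Hypothetical async key-value store standing in for Redis. Every call yields
// to the event loop once, which is enough to interleave concurrent requests.
class FakeStore {
  constructor() { this.data = new Map(); }
  async get(key) { await Promise.resolve(); return this.data.get(key) || 0; }
  async set(key, value) { await Promise.resolve(); this.data.set(key, value); }
  // Atomic increment, like Redis INCR: read and write happen in one step.
  async incr(key) {
    await Promise.resolve();
    const next = (this.data.get(key) || 0) + 1;
    this.data.set(key, next);
    return next;
  }
}

// Racy limiter: GET the count, compare it, then SET count+1. Requests that
// arrive together all read the same old count, so all of them are allowed.
async function racyLimiter(store, key, max) {
  const count = await store.get(key);
  if (count >= max) return false;   // reject: limit already reached
  await store.set(key, count + 1);  // lost update when requests overlap
  return true;                      // allow
}

// Atomic limiter: INCR returns the new count, so the (max+1)th request sees
// max+1 no matter how the requests interleave and is rejected.
async function atomicLimiter(store, key, max) {
  const count = await store.incr(key);
  return count <= max;
}

// Fire `n` requests for one client at the same time and count how many the
// limiter let through. Returns a number so the outcome can be checked.
async function simulate(limiter, n, max) {
  const store = new FakeStore();
  const key = 'ip:203.0.113.5';  // constructed sample client key
  const results = await Promise.all(
    Array.from({ length: n }, () => limiter(store, key, max))
  );
  return results.filter(Boolean).length;
}

async function main() {
  const allowedRacy = await simulate(racyLimiter, 20, 5);
  const allowedAtomic = await simulate(atomicLimiter, 20, 5);
  console.log(`racy limiter allowed ${allowedRacy} of 20 (limit 5)`);
  console.log(`atomic limiter allowed ${allowedAtomic} of 20 (limit 5)`);
}

main();
```

With 20 concurrent requests against a limit of 5, the racy limiter allows all 20 and the atomic limiter allows exactly 5. The interleaving is deterministic here because every store call suspends once on the microtask queue, so all reads in the racy limiter complete before any write; against a real Redis the same race shows up under load rather than on every run, which is why a store-backed limiter should use INCR (or a Lua script / MULTI block) rather than GET followed by SET.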

Remediation

There is no fixed version for express-brute.
