CVE-2021-33563
Improper rate limiting in Koel
EPSS 0.79%
Description
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.
How to fix CVE-2021-33563
To remediate CVE-2021-33563, upgrade the affected package to a fixed version below.
- Packagist/phanan/koel—upgrade to 5.1.4 or later
Is CVE-2021-33563 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 5.1.4