CRITICAL 9.8 CVE-2022-4724 rdiffweb Improper Access Control vulnerability
from 0, < c4a19cf67d575c4886171b8efcbf4675d51f3929 | from 0, < 2.5.5
CRITICAL 9.8 CVE-2022-4724 rdiffweb Improper Access Control vulnerability
from 0, < 2.5.5
CRITICAL 9.8 Improper Privilege Management in rdiffweb
from 0, < 2.5.2
CRITICAL 9.8 Improper Privilege Management in rdiffweb
from 0, < b2df3679564d0daa2856213bb307d3e34bd89a25 | from 0, < 2.5.2
CRITICAL 9.8 rdiffweb vulnerable to Insufficient Session Expiration
from 0, < 6efb995bc32c8a8e9ad755eb813dec991dffb2b8 | from 0, < 2.5.0
CRITICAL 9.8 rdiffweb vulnerable to Insufficient Session Expiration
from 0, < 2.5.0
CRITICAL 9.8 Rdiffweb subject to Business Logic Errors
from 0, < 2.5.0a7
CRITICAL 9.8 Rdiffweb subject to Business Logic Errors
from 0, < c27c46bac656b1da74f28eac1b52dfa5df76e6f2 | from 0, < 2.5.0
CRITICAL 9.8 Rdiffweb is missing authentication for critical function
from 0, < 2.5.0
CRITICAL 9.8 Rdiffweb is missing authentication for critical function
from 0, < f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095 | from 0, < 2.4.10
CRITICAL 9.8 Missing rate limit on rdiffweb
from 0, < 2.5.0
CRITICAL 9.8 Missing rate limit on rdiffweb
from 0, < b78ec09f4582e363f6f449df6f987127e126c311 | from 0, < 2.5.0
CRITICAL 9.8 Missing rate limit on rdiffweb
from 0, < b78ec09f4582e363f6f449df6f987127e126c311 | from 0, < 2.5.0
CRITICAL 9.8 Origin Validation Error in rdiffweb
from 0, < afc1bdfab5161c74012ff2590a6ec49cc0d8fde0 | from 0, < 2.5.0
CRITICAL 9.8 Origin Validation Error in rdiffweb
from 0, < 2.5.0a5
CRITICAL 9.8 Missing rate limit on rdiffweb
from 0, < 2.5.0
CRITICAL 9.8 rdiffweb vulnerable to account access via session fixation
from 0, < 2.4.7
CRITICAL 9.8 rdiffweb vulnerable to account access via session fixation
from 0, < 39e7dcd4a1f44d2a7bd92b79d78a800910b1b22b | from 0, < 2.4.7
HIGH 8.8 Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability
from 0, < 06f89b43469aae70e8833e55192721523f86c5a2 | from 0, < 2.8.4
HIGH 8.8 Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability
from 0, < 2.8.4
HIGH 8.8 rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
from 0, < 9125f5a2d918fed0f3fc1c86fa94cd1779ed9f73 | from 0, < 2.4.3
HIGH 8.8 rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
from 0, < 2.4.3
HIGH 8.8 rdiffweb contains Weak Password Requirements
from 0, < 233befc33bdc45d4838c773d5aed4408720504c5 | from 0, < 2.4.2
HIGH 8.8 rdiffweb contains Weak Password Requirements
>= 2.4.1, < 2.4.2
HIGH 8.8 rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
from 0, < 7294bb7466532762c93d711211e5958940c1b428 | from 0, < 2.4.1
HIGH 8.8 rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
from 0, < 2.4.1
HIGH 8.2 rdiffweb vulnerable to Open Redirect
from 0, < 6afaae56a29536f0118b3380d296c416aa6d078d | from 0, < 2.5.5
HIGH 8.2 rdiffweb vulnerable to Open Redirect
from 0, < 2.5.5
HIGH 8.1 IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users
from 0, < 2.10.6
HIGH 7.5 rdiffweb Path Traversal vulnerability
from 0, < 2.4.10
HIGH 7.5 rdiffweb Path Traversal vulnerability
from 0, < 323383d1db656f1b1291be529947bd943a6b0e99 | from 0, < 2.4.10
HIGH 7.5 rdiffweb's lack of token name length limit can result in DoS or memory corruption
from 0, < b62c479ff6979563c7c23e7182942bc4f460a2c7 | from 0, < 2.4.10
HIGH 7.5 rdiffweb's lack of token name length limit can result in DoS or memory corruption
from 0, < 2.5.0a3
HIGH 7.5 rdiffweb allows unlimited length of root directory name, which could result in DoS
from 0, < 667657c6fe2b336c90be37f37fb92f65df4feee3 | from 0, < 2.4.8
HIGH 7.5 rdiffweb allows unlimited length of root directory name, which could result in DoS
from 0, < 2.4.8
HIGH 7.5 rdiffweb's unlimited username field length can lead to DoS
from 0, < 667657c6fe2b336c90be37f37fb92f65df4feee3 | from 0, < 2.4.8
HIGH 7.5 rdiffweb's unlimited length email field can lead to DoS
from 0, < 667657c6fe2b336c90be37f37fb92f65df4feee3 | from 0, < 2.4.8
HIGH 7.5 rdiffweb's unlimited username field length can lead to DoS
HIGH 7.5 rdiffweb's unlimited length email field can lead to DoS
from 0, < 2.4.8
HIGH 7.5 rdiffweb's unlimited username field length can lead to DoS
from 0, < 2.4.8
HIGH 7.5 rdiffweb vulnerable to potential DoS via memory consumption
from 0, < 2.4.8
HIGH 7.5 rdiffweb vulnerable to potential DoS via memory consumption
from 0, < 626cca1b75b6c587afd4241a9692e8929b1921a5 | from 0, < 2.4.8
HIGH 7.5 rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
>= 2.4.1, < 2.4.2
HIGH 7.5 rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
from 0, < f2de2371c5e13ce1c6fd6f9a1ed3e5d46b93cd7e | from 0, < 2.4.2
HIGH 7.3 rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
from 0, < 2.5.0
HIGH 7.3 rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
from 0, < b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8 | from 0, < 2.4.11a1
HIGH 7.2 rdiffweb vulnerable to Authentication Bypass by Primary Weakness
from 0, < d1aaa96b665a39fba9e98d6054a9de511ba0a837 | from 0, < 2.5.5
HIGH 7.2 rdiffweb vulnerable to Authentication Bypass by Primary Weakness
from 0, < 2.5.5
HIGH 7.0 rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
from 0, < 2.4.7
HIGH 7.0 rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
from 0, < e974df75bdbcff3996ad70bd1b4424ec1485ea3f | from 0, < 2.4.7
MEDIUM 6.5 rdiffweb has no rate limit on resend email feature
from 0, < 2.5.5
MEDIUM 6.5 rdiffweb has no rate limit on resend email feature
from 0, < 6e9ee210548f6d3210704cac302cfc7cdb239765 | from 0, < 2.5.5
MEDIUM 6.5 rdiffweb vulnerable to Cross-Site Request Forgery
from 0, < 2.5.4
MEDIUM 6.5 rdiffweb vulnerable to Cross-Site Request Forgery
from 0, < e6f0d8002129be90fe82fa3e3ea0a6942caba398 | from 0, < 2.5.4
MEDIUM 6.1 rdiffweb Open Redirect vulnerability
from 0, < 5f861670ef8f38ca8eea52a98672d0e0fabb5368 | from 0, < 2.5.4
MEDIUM 6.1 rdiffweb Open Redirect vulnerability
from 0, < 2.5.4
MEDIUM 6.1 rdiffweb vulnerable to Open Redirect
from 0, < 2.5.0a4
MEDIUM 6.1 rdiffweb vulnerable to Open Redirect
from 0, < 4d464b467f14b8eb9103d7f5f0774e49995527c7 | from 0, < 2.5.0
MEDIUM 5.7 rdiffweb vulnerable to Business Logic Errors
from 0, < bc4bed89affcba71251fe54ed10639da9d392c1d | from 0, < 2.5.5
MEDIUM 5.7 rdiffweb vulnerable to Business Logic Errors
from 0, < 2.5.5
MEDIUM 5.4 rdiffweb vulnerable to Special Element Injection
from 0, < 6afaae56a29536f0118b3380d296c416aa6d078d | from 0, < 2.5.5
MEDIUM 5.4 rdiffweb vulnerable to Special Element Injection
from 0, < 2.5.5
MEDIUM 5.4 rdiffweb vulnerable to password complexity bypass leading to weak passwords
from 0, < 2.4.9
MEDIUM 5.4 rdiffweb vulnerable to password complexity bypass leading to weak passwords
from 0, < ee98e5af78ec60db8a17fef6ea0ca250e3f31eec | from 0, < 2.4.9
MEDIUM 5.3 rdiffweb allows a new password to be the same as the previous password
from 0, < 2.5.0
MEDIUM 5.3 rdiffweb allows a new password to be the same as the previous password
from 0, < 2ffc2af65c8f8113b06e0b89929c604bcdf844b9 | from 0, < 2.4.11a1
MEDIUM 5.3 rdiffweb's unlimited length Fullname field can lead to DoS
from 0, < b62c479ff6979563c7c23e7182942bc4f460a2c7 | from 0, < 2.4.10
MEDIUM 5.3 rdiffweb's unlimited length Fullname field can lead to DoS
from 0, < 2.5.0a3
MEDIUM 5.3 rdiffweb has insecure HTTP cookies
from 0, < ac334dd27ceadac0661b1e2e059a8423433c3fee | from 0, < 2.4.6
MEDIUM 5.3 rdiffweb has insecure HTTP cookies
from 0, < 2.4.6
MEDIUM 5.3 rdiffweb Missing Custom Error Page
from 0, < 233befc33bdc45d4838c773d5aed4408720504c5 | from 0, < 2.4.2
MEDIUM 5.3 rdiffweb Missing Custom Error Page
>= 2.4.1, < 2.4.2
MEDIUM 4.6 rdiffweb vulnerable to Use of Cache Containing Sensitive Information
from 0, < 2.4.9
MEDIUM 4.6 rdiffweb vulnerable to Use of Cache Containing Sensitive Information
from 0, < 2406780831618405a13113377a784f3102465f40 | from 0, < 2.4.8
MEDIUM 4.3 Rdiffweb vulnerable to Missing Authentication for Critical Function
from 0, < f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095 | from 0, < 2.4.11a1
MEDIUM 4.3 Rdiffweb vulnerable to Missing Authentication for Critical Function
from 0, < 2.5.0a6
MEDIUM 4.3 rdiffweb Cross-Site Request Forgery vulnerability
from 0, < 20fc0d304412cc569b21f31e52cb8b94094d6314 | from 0, < 2.4.6
MEDIUM 4.3 rdiffweb Cross-Site Request Forgery vulnerability
from 0, < 2.4.6
MEDIUM 4.3 rdiffweb CSRF could lead to disabling notifications in user profile
from 0, < 2.4.6
MEDIUM 4.3 rdiffweb CSRF could lead to disabling notifications in user profile
from 0, < 18a5aabd48fa6d2d2771a25f95610c28a1a097ca | from 0, < 2.4.6
MEDIUM 4.3 rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
from 0, < 2.4.5
MEDIUM 4.3 rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
from 0, < 422791ea45713aaaa865bdca74addb9fffd93a71 | from 0, < 2.4.5
MEDIUM 4.2 RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling
from 0, < 2.8.1
LOW 2.4 rdiffweb vulnerable to Improper Cleanup on Thrown Exception
from 0, < 5ac38b2a75becbab9f948bd5e37ecbcd9f0b362e | from 0, < 2.4.8
LOW 2.4 rdiffweb vulnerable to Improper Cleanup on Thrown Exception
from 0, < 2.4.8