express-brute@0.5.0 vulnerabilities

A brute-force protection middleware for express routes that rate limits incoming requests

Direct Vulnerabilities

Known vulnerabilities in the express-brute package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Rate Limiting Bypass

express-brute is a brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence.

Affected versions of this package are vulnerable to Rate Limiting Bypass due to incorrectly counting the number of requests sent, this allows an attacker to bypass the rate-limiting mechanism.

How to fix Rate Limiting Bypass?

There is no fixed version for express-brute.

*