express-brute@0.5.3 vulnerabilities
A brute-force protection middleware for express routes that rate limits incoming requests
-
latest version
1.0.1
-
first published
11 years ago
-
latest version published
8 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the express-brute package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
express-brute is a brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence. Affected versions of this package are vulnerable to Rate Limiting Bypass due to incorrectly counting the number of requests sent, this allows an attacker to bypass the rate-limiting mechanism. How to fix Rate Limiting Bypass? There is no fixed version for |
*
|