express-brute@0.6.0 vulnerabilities

A brute-force protection middleware for express routes that rate limits incoming requests

latest version

1.0.1
first published

11 years ago
latest version published

8 years ago
licenses detected
- BSD-2-Clause
  >=0
View express-brute package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the express-brute package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Rate Limiting Bypass express-brute is a brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence. Affected versions of this package are vulnerable to Rate Limiting Bypass due to incorrectly counting the number of requests sent, this allows an attacker to bypass the rate-limiting mechanism. How to fix Rate Limiting Bypass? There is no fixed version for `express-brute`.	*

Rate Limiting Bypass

express-brute is a brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence.

Affected versions of this package are vulnerable to Rate Limiting Bypass due to incorrectly counting the number of requests sent, this allows an attacker to bypass the rate-limiting mechanism.

How to fix Rate Limiting Bypass?

There is no fixed version for express-brute.

Go back to all versions of this package

express-brute@0.6.0 vulnerabilities

A brute-force protection middleware for express routes that rate limits incoming requests

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities