Moderate severity · NVD Advisory · Published Jul 25, 2021 · Updated Aug 3, 2024
Improper Restriction of Excessive Authentication Attempts in firefly-iii/firefly-iii
CVE-2021-3663
Description
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| grumpydictator/firefly-iii (Packagist) | < 5.5.13 | 5.5.13 |
Affected products
- Range: unspecified
Patches
afc9f4b7ebc8 · Add missing rate limiter.
1 file changed · +2 −1
app/Http/Controllers/Auth/LoginController.php+2 −1 modified@@ -29,6 +29,7 @@ use FireflyIII\Providers\RouteServiceProvider; use Illuminate\Contracts\View\Factory; use Illuminate\Foundation\Auth\AuthenticatesUsers; +use Illuminate\Foundation\Auth\ThrottlesLogins; use Illuminate\Http\JsonResponse; use Illuminate\Http\RedirectResponse; use Illuminate\Http\Request; @@ -47,7 +48,7 @@ */ class LoginController extends Controller { - use AuthenticatesUsers; + use AuthenticatesUsers, ThrottlesLogins; /** * Where to redirect users after login.
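Review bot: In the second hunk, `use AuthenticatesUsers, ThrottlesLogins;` only makes the throttling methods available on `LoginController`; nothing in the visible lines calls them. If this controller defines its own `login()` instead of inheriting one, that method has to call `hasTooManyLoginAttempts()` before checking credentials, `incrementLoginAttempts()` on failure and `clearLoginAttempts()` on success, otherwise repeated guesses remain unlimited. Please confirm that in the rest of the file and add a feature test asserting that a burst of failed logins ends in a lockout response. The visible lines also set no attempt limit or decay window, so a short docblock stating which values apply would help operators.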
References
- github.com/advisories/GHSA-56cx-wf47-hx7w (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-3663 (ghsa, ADVISORY)
- github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8 (ghsa, x_refsource_MISC, WEB)
- github.com/firefly-iii/firefly-iii/releases/tag/5.5.13 (ghsa, WEB)
- huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380 (ghsa, x_refsource_CONFIRM, WEB)