Moderate severity. NVD Advisory. Published Feb 6, 2025; updated Feb 7, 2025.
CVE-2024-57610
Description
Sylius v2.0.2 does not rate-limit login attempts, so a remote attacker can perform unrestricted brute-force attacks against user accounts, significantly increasing the risk of account compromise and of denial of service for legitimate users. The supplier's position is that the Sylius core software is not intended to address brute-force attacks; customers deploying a Sylius-based system are expected to use "firewalls, rate-limiting middleware, or authentication providers" for that functionality. No patched version is listed, so the mitigation is applied at deployment time rather than by upgrading.
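Sylius is built on Symfony, and Symfony's security component ships login throttling that covers exactly the "rate-limiting middleware" the supplier points to. The fragment below is an added example written for this page, not code shipped by Sylius or Symfony. It assumes the shop-facing firewall in the deployment's `security.yaml` is named `shop` (check your own firewall names) and that the `symfony/rate-limiter` package is installed; the `pattern` and `form_login` keys it merges into come from the existing configuration and are not repeated here.

```yaml
# config/packages/security.yaml (example added here; not Sylius project code).
#
# Before: the "shop" firewall has no login_throttling key at all, which is the
# unthrottled state CVE-2024-57610 describes. Symfony's default behaviour
# without this key is to accept an unlimited number of login attempts.
#
# After: the same firewall with the built-in login throttling enabled. Symfony
# merges this file with the rest of the security config, so only the new key
# needs to be added to the existing firewall definition.
security:
    firewalls:
        shop:                      # assumed firewall name; adjust to your config
            login_throttling:
                max_attempts: 5    # per username+IP pair within the interval
                interval: '15 minutes'
                # Symfony's default limiter also caps a single IP at
                # 5 x max_attempts across all usernames, which blunts
                # password spraying (many usernames, one password).
                # lock_factory: null   # default; see Symfony docs for custom limiters
```

Two deployment caveats. First, when the shop sits behind a load balancer or CDN, `framework.trusted_proxies` must be set so Symfony reads the client address from the forwarded headers; otherwise every visitor shares the proxy's IP and a single attacker can lock out the whole site, which is the denial-of-service side of this advisory. Second, throttling on the form login does not cover other authentication paths (for example the admin firewall or API token endpoints), so each firewall that accepts credentials needs its own `login_throttling` key.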
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| sylius/sylius | Packagist | <= 2.0.2 | none listed |
References
- https://github.com/advisories/GHSA-2hjh-495w-hmxc (GitHub Security Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2024-57610 (NVD)
- https://github.com/github/advisory-database/pull/5254 (advisory database pull request)
- https://sylius.com (vendor site, listed by both GHSA and MITRE)