Common Weakness Enumeration

CWE-799

Allowed-with-Review

Improper Control of Interaction Frequency

Abstraction: Class · Status: Incomplete

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

108 vulnerabilities reference this CWE, most recent first.

GHSA-5G37-4GXG-27M8

Vulnerability from github – Published: 2024-11-04 15:31 – Updated: 2024-11-08 15:31
VLAI
Details

This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51557"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770",
      "CWE-799"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-04T13:17:05Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system.",
  "id": "GHSA-5g37-4gxg-27m8",
  "modified": "2024-11-08T15:31:12Z",
  "published": "2024-11-04T15:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51557"
    },
    {
      "type": "WEB",
      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0332"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5RP8-95VQ-WM73

Vulnerability from github – Published: 2025-12-11 21:31 – Updated: 2025-12-11 21:31
VLAI
Details

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-799"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-11T20:15:52Z",
    "severity": "MODERATE"
  },
  "details": "IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.",
  "id": "GHSA-5rp8-95vq-wm73",
  "modified": "2025-12-11T21:31:33Z",
  "published": "2025-12-11T21:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13211"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7254434"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63WG-87QV-RW4R

Vulnerability from github – Published: 2025-01-09 21:31 – Updated: 2025-01-14 21:23
VLAI
Summary
Drupal Open Social allows Functionality Misuse
Details

The distribution didn't validate the flood control limits on the password reset form correctly resulting in a potential attacker flooding the password reset which could result in a Denial of Service. Fortunately the message does not disclose any information to the attacker.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "goalgorilla/open_social"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.3.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "goalgorilla/open_social"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.4.0"
            },
            {
              "fixed": "12.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "goalgorilla/open_social"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "13.0.0-alpha1"
            },
            {
              "fixed": "13.0.0-alpha11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-13274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-799"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-14T21:23:11Z",
    "nvd_published_at": "2025-01-09T20:15:36Z",
    "severity": "MODERATE"
  },
  "details": "The distribution didn\u0027t validate the flood control limits on the password reset form correctly resulting in a potential attacker flooding the password reset which could result in a Denial of Service. Fortunately the message does not disclose any information to the attacker.",
  "id": "GHSA-63wg-87qv-rw4r",
  "modified": "2025-01-14T21:23:11Z",
  "published": "2025-01-09T21:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13274"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/goalgorilla/open_social"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2024-038"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Drupal Open Social allows Functionality Misuse"
}

GHSA-64W9-MHV5-JC6G

Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30
VLAI
Details

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13212"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-799"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-16T14:17:54Z",
    "severity": "MODERATE"
  },
  "details": "IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.",
  "id": "GHSA-64w9-mhv5-jc6g",
  "modified": "2026-03-16T15:30:41Z",
  "published": "2026-03-16T15:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13212"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7263486"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6554-RH36-HFH2

Vulnerability from github – Published: 2026-06-15 15:31 – Updated: 2026-06-15 15:31
VLAI
Details

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.

This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-799"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T14:16:37Z",
    "severity": "HIGH"
  },
  "details": "Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.\n\nThis issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.",
  "id": "GHSA-6554-rh36-hfh2",
  "modified": "2026-06-15T15:31:33Z",
  "published": "2026-06-15T15:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5233"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6FMH-3798-3J6G

Vulnerability from github – Published: 2026-04-30 15:30 – Updated: 2026-06-06 09:31
VLAI
Details

Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding.

This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7402"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-799"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-30T13:16:06Z",
    "severity": "HIGH"
  },
  "details": "Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding.\n\nThis issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.",
  "id": "GHSA-6fmh-3798-3j6g",
  "modified": "2026-06-06T09:31:16Z",
  "published": "2026-04-30T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7402"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0141"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-26-0141"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6P8R-6M93-557F

Vulnerability from github – Published: 2026-04-03 03:09 – Updated: 2026-05-06 23:22
VLAI
Summary
OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting
Details

Summary

Fake DeviceToken Bypasses Shared Auth Rate Limiting

Current Maintainer Triage

  • Status: narrow
  • Normalized severity: low
  • Assessment: Real in shipped mixed WS auth flow, but practical risk is mostly weak shared-password deployments since strong shared tokens remain non-bruteforceable.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published npm version: 2026.3.31
  • Vulnerable version range: <=2026.3.28
  • Patched versions: >= 2026.3.31
  • First stable tag containing the fix: v2026.3.31

Fix Commit(s)

  • af0c0862f22ca4492406a3103d05e3628f94cbe9 — 2026-03-31T09:08:57+09:00

Release Process Note

  • The fix is already present in released version 2026.3.31.

OpenClaw thanks @kexinoh of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.28"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41333"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307",
      "CWE-799"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-03T03:09:18Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\nFake DeviceToken Bypasses Shared Auth Rate Limiting\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: Real in shipped mixed WS auth flow, but practical risk is mostly weak shared-password deployments since strong shared tokens remain non-bruteforceable.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.28`\n- Patched versions: `\u003e= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `af0c0862f22ca4492406a3103d05e3628f94cbe9` \u2014 2026-03-31T09:08:57+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n\nOpenClaw thanks @kexinoh of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard)  for reporting.",
  "id": "GHSA-6p8r-6m93-557f",
  "modified": "2026-05-06T23:22:13Z",
  "published": "2026-04-03T03:09:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6p8r-6m93-557f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/af0c0862f22ca4492406a3103d05e3628f94cbe9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-authentication-rate-limiting-bypass-via-fake-devicetoken"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting"
}

GHSA-6RMX-GVVG-VH6J

Vulnerability from github – Published: 2026-03-09 19:52 – Updated: 2026-03-09 19:52
VLAI
Summary
OpenClaw's hooks count non-POST requests toward auth lockout
Details

OpenClaw's hooks HTTP handler counted hook authentication failures before rejecting unsupported HTTP methods. An unauthenticated client could send repeated non-POST requests (for example GET) with an invalid token to consume the hook auth failure budget and trigger the temporary lockout window for that client key.

The fix moves the hook method gate ahead of auth-failure accounting so unsupported methods return 405 Method Not Allowed without incrementing the hook auth limiter.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.3.2
  • Patched version: 2026.3.7
  • Latest published npm version at patch time: 2026.3.2

Impact

An unauthenticated network client that could reach /hooks/* could temporarily lock out legitimate webhook delivery when requests collapsed to the same hook auth client key, such as shared proxy or NAT topologies. Impact is limited to temporary availability loss for hook-triggered wake or automation delivery.

Fix Commit(s)

  • 44820dceadac65ac7c0ce8fc0ffba8c2bd9fae89

Verification

  • pnpm check passed
  • pnpm test:fast passed
  • focused hook regression tests passed
  • pnpm exec vitest run --config vitest.gateway.config.ts still has unrelated current-main failures in src/gateway/server-channels.test.ts and src/gateway/server-methods/agents-mutate.test.ts

Release Process Note

npm 2026.3.7 was published on March 8, 2026. This advisory is fixed in the released package.

Thanks @JNX03 for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.2"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-307",
      "CWE-799"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-09T19:52:47Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "OpenClaw\u0027s hooks HTTP handler counted hook authentication failures before rejecting unsupported HTTP methods. An unauthenticated client could send repeated non-`POST` requests (for example `GET`) with an invalid token to consume the hook auth failure budget and trigger the temporary lockout window for that client key.\n\nThe fix moves the hook method gate ahead of auth-failure accounting so unsupported methods return `405 Method Not Allowed` without incrementing the hook auth limiter.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= 2026.3.2`\n- Patched version: `2026.3.7`\n- Latest published npm version at patch time: `2026.3.2`\n\n## Impact\n\nAn unauthenticated network client that could reach `/hooks/*` could temporarily lock out legitimate webhook delivery when requests collapsed to the same hook auth client key, such as shared proxy or NAT topologies. Impact is limited to temporary availability loss for hook-triggered wake or automation delivery.\n\n## Fix Commit(s)\n\n- `44820dceadac65ac7c0ce8fc0ffba8c2bd9fae89`\n\n## Verification\n\n- `pnpm check` passed\n- `pnpm test:fast` passed\n- focused hook regression tests passed\n- `pnpm exec vitest run --config vitest.gateway.config.ts` still has unrelated current-`main` failures in `src/gateway/server-channels.test.ts` and `src/gateway/server-methods/agents-mutate.test.ts`\n\n## Release Process Note\n\nnpm `2026.3.7` was published on March 8, 2026. This advisory is fixed in the released package.\n\nThanks @JNX03 for reporting.",
  "id": "GHSA-6rmx-gvvg-vh6j",
  "modified": "2026-03-09T19:52:47Z",
  "published": "2026-03-09T19:52:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6rmx-gvvg-vh6j"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/44820dceadac65ac7c0ce8fc0ffba8c2bd9fae89"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaw\u0027s hooks count non-POST requests toward auth lockout"
}

GHSA-76JH-WM3G-GCHP

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-799"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:18:17Z",
    "severity": "HIGH"
  },
  "details": "An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker\u0027s resources and the password target complexity.",
  "id": "GHSA-76jh-wm3g-gchp",
  "modified": "2026-03-10T18:31:19Z",
  "published": "2026-03-10T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24017"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-082"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-772M-773G-QMHC

Vulnerability from github – Published: 2025-02-13 00:33 – Updated: 2025-02-13 22:43
VLAI
Summary
Missing rate limit in MaysWind ezBookkeeping
Details

An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mayswind/ezbookkeeping"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-57603"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-799"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-13T22:43:43Z",
    "nvd_published_at": "2025-02-12T22:15:40Z",
    "severity": "MODERATE"
  },
  "details": "An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.",
  "id": "GHSA-772m-773g-qmhc",
  "modified": "2025-02-13T22:43:43Z",
  "published": "2025-02-13T00:33:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57603"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mayswind/ezbookkeeping/issues/33"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mayswind/ezbookkeeping"
    },
    {
      "type": "WEB",
      "url": "https://hkohi.ca/vulnerability/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing rate limit in MaysWind ezBookkeeping"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.