-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability CWE-307 explicitly relates to missing authentication attempt restrictions. In web applications, this typically manifests in the login handler function. While specific code isn't available, the pattern matches: 1) Authentication endpoints are common attack surfaces for brute-force attacks 2) The commit fixing this (0.6.20) would logically add attempt tracking/rate-limiting 3) The vulnerability title directly implicates the authentication flow. The login function is the most probable location where failed attempt counters or delay mechanisms would be missing prior to patching.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| calibreweb | pip | < 0.6.20 | 0.6.20 |