| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| modoboa | pip | <= 2.0.3 | 2.0.4 |

The vulnerability stems from missing API throttling mechanisms in authentication-related endpoints. The patch adds `throttle_classes` to these views (`LoginThrottle`, `PasswordResetRequestThrottle`, etc.) and implements a `GetThrottleViewsetMixin` across critical endpoints. Prior to 2.0.4, these authentication flows lacked rate limiting, enabling brute-force attacks and credential stuffing. The affected functions are clearly identified in the diff as receiving throttling protections in the patched version.
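To show what per-endpoint throttling changes for a login flow, the following added example (not modoboa's code and not taken from the patch) implements a standard-library sliding-window limiter and replays a burst of password guesses against it. The class name `SlidingWindowThrottle`, the `5/min` rate, the `login` scope and the client address are assumptions made for illustration; the advisory does not state the rates the patch configures.

```python
import time
from collections import defaultdict

PERIODS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Turn a rate string such as '5/min' into (max_requests, window_seconds)."""
    count, period = rate.split("/")
    return int(count), PERIODS[period[0]]


class SlidingWindowThrottle:
    """Per-client sliding-window limiter for one endpoint scope (hypothetical)."""

    def __init__(self, scope, rate, clock=time.monotonic):
        self.scope = scope
        self.limit, self.window = parse_rate(rate)
        self.clock = clock
        self.history = defaultdict(list)  # (scope, ident) -> timestamps, newest first

    def allow_request(self, ident):
        """Return (allowed, retry_after_seconds) for one request from ident."""
        now = self.clock()
        hits = self.history[(self.scope, ident)]
        # Drop timestamps that have aged out of the window.
        while hits and hits[-1] <= now - self.window:
            hits.pop()
        if len(hits) >= self.limit:
            # The oldest remaining hit decides when a slot frees up.
            return False, hits[-1] + self.window - now
        hits.insert(0, now)
        return True, 0.0


def guesses_processed(rate, attempts, interval):
    """Replay evenly spaced guesses from one client; count those not throttled."""
    now = [0.0]
    throttle = SlidingWindowThrottle("login", rate, clock=lambda: now[0])
    passed = 0
    for _ in range(attempts):
        allowed, _retry = throttle.allow_request("203.0.113.7")  # constructed address
        passed += allowed
        now[0] += interval
    return passed


if __name__ == "__main__":
    # Constructed input: 600 guesses at 10 per second; the rate is an assumed value.
    print(guesses_processed("5/min", 600, 0.1), "of 600 guesses reached the password check")
```

Without a throttle every one of the 600 guesses would be evaluated; with the assumed limit only the first five inside the window are. A limiter keyed only on client address does not by itself slow guessing that is spread across many addresses.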