CVE-2024-57610

HIGH

Sylius - Brute Force

Title source: rule

Description

Sylius v2.0.2 applies no rate limiting to authentication attempts, so a remote, unauthenticated attacker can brute-force user account credentials without restriction (CWE-307), increasing the risk of account compromise and of denial of service against legitimate users. The supplier's position is that the Sylius core software is not intended to address brute-force attacks; customers deploying a Sylius-based system are expected to provide that protection through "firewalls, rate-limiting middleware, or authentication providers". Note that the CVSS vector below scores only an availability impact (C:N/I:N/A:H); the account-compromise risk described here is not reflected in the 7.5 score.
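As an added example of the "rate-limiting middleware" the supplier points deployers to (this is not code from Sylius or from the advisory): Sylius runs on Symfony, whose security component can throttle login attempts per firewall. The firewall names `admin` and `shop` below are assumptions and must match the keys already present in the deployment's own security.yaml; the thresholds are illustrative.

```yaml
# config/packages/security.yaml  (deployment-side mitigation, not Sylius core code)
# Assumes Symfony's rate-limiter component is installed:
#   composer require symfony/rate-limiter
# Firewall names "admin" and "shop" are assumed; use the actual firewall keys
# of the deployment, and repeat the block for every firewall that performs
# authentication (including any JSON/API login firewalls).
security:
    firewalls:
        admin:
            # ... existing admin firewall settings (pattern, form_login, ...) ...
            login_throttling:
                max_attempts: 5          # failed attempts allowed per username+IP pair
                interval: '15 minutes'   # window after which the counter resets
        shop:
            # ... existing shop firewall settings ...
            login_throttling:
                max_attempts: 10
                interval: '15 minutes'
```

With `login_throttling` enabled, Symfony counts failed attempts per username+IP pair (and, by default, also per IP at five times `max_attempts`), rejects further attempts for that key with a "too many failed login attempts" error until the interval passes, and resets the counter on a successful login. To verify the deployment, repeat a failing login against each protected firewall more than `max_attempts` times from one address and confirm the lockout response appears before the limit is exceeded in production. Two caveats: a per-IP limit alone is weakened by attackers rotating source addresses, which is why the username-keyed limiter matters; and any lockout scheme lets an attacker deliberately lock a targeted user out, so the interval should be kept short enough that this does not become the denial of service the advisory warns about.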

Exploits (2)

nomisec SUSPICIOUS
by Mr-UN533N · poc
https://github.com/Mr-UN533N/CVE-2024-57610
nomisec WRITEUP
by str4ng3r-0x7 · poc
https://github.com/str4ng3r-0x7/CVE-2024-57610

Scores

CVSS v3 7.5
EPSS 0.0974
EPSS Percentile 93.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-307
Status published
Products (2)
sylius/sylius 2.0.2
sylius/sylius 0 (Packagist)
Published Feb 06, 2025
Tracked Since Feb 18, 2026