BookWyrm · CVE-2022-35925
**Name of the Vulnerable Software and Affected Versions**
BookWyrm versions prior to 0.4.5
**Description**
BookWyrm, a social network for tracking reading, lacks rate limiting on its authentication views in versions prior to 0.4.5. Without rate limiting, an attacker can make unlimited login attempts, which enables brute-force attacks against user credentials. The issue has been patched in version 0.4.5.
**Recommendations**
For versions prior to 0.4.5, update to version 0.4.5 to patch the issue.
As a temporary workaround, users unable to upgrade can manually edit their `nginx.conf` file to add rate limiting on the authentication views.
Admins with existing instances should apply this change to the `nginx.conf` file that was generated when the instance was set up, since the patched release does not rewrite an existing configuration.
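The following is an added illustration of what such a workaround can look like, written here as a defensive example; it is not BookWyrm's own `nginx.conf` and does not reproduce the exact change shipped in 0.4.5. The URL paths (`/login/`, `/register/`, `/password-reset/`), the upstream name `web:8000` and the server name are assumptions for the example; adjust them to match the instance.

```nginx
# Added example: per-client rate limiting on authentication views.
# Not the project's own configuration; paths and upstream are assumed.
http {
    # One shared-memory zone keyed on the client address.
    # 10 MB of state holds roughly 160k addresses; 5 requests per minute
    # is generous for humans and far too slow for credential guessing.
    limit_req_zone $binary_remote_addr zone=authlimit:10m rate=5r/m;

    # Respond with 429 Too Many Requests instead of the default 503,
    # so rate-limit hits are distinguishable from backend outages in logs.
    limit_req_status 429;
    limit_req_log_level warn;

    server {
        listen 80;
        server_name bookwyrm.example;   # placeholder hostname

        # Authentication views (paths assumed): apply the limit here only,
        # so normal browsing is unaffected.
        location ~ ^/(login|register|password-reset)/?$ {
            # burst=10 lets a short legitimate spike through; nodelay
            # rejects anything beyond the burst immediately instead of queuing.
            limit_req zone=authlimit burst=10 nodelay;

            proxy_pass http://web:8000;   # upstream name assumed
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location / {
            proxy_pass http://web:8000;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

Two checks worth doing after applying a change like this: run `nginx -t` before reloading, and confirm that `$binary_remote_addr` is really the end client's address. If this nginx sits behind another proxy or load balancer, every request arrives from that proxy's address, the whole instance shares one counter, and the limit throttles everyone at once while protecting no one individually; in that layout the `ngx_http_realip_module` (`set_real_ip_from` and `real_ip_header`) must be configured so the zone keys on the original client. Watching for a rise in 429 responses on the authentication paths in the access log is also a cheap signal that a brute-force attempt is in progress.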