PT-2025-5850 · Sylius · Sylius

Published 2025-02-06 · Updated 2025-02-06 · CVE-2024-57610

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Sylius version 2.0.2
Description: Sylius 2.0.2 does not limit the number of authentication attempts, so a remote, unauthenticated attacker can brute-force user accounts without restriction. This significantly raises the risk of account compromise and, through the volume of login requests, of denial of service for legitimate users. The supplier's position is that the Sylius core software is not intended to address brute-force attacks; customers deploying a Sylius-based system are expected to provide that protection with firewalls, rate-limiting middleware, or their authentication provider.
Recommendations: For Sylius version 2.0.2, place a firewall, rate-limiting middleware, or an authentication provider that throttles failed logins in front of the application's login endpoints, since the Sylius core software does not implement this itself.
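Sylius is built on Symfony, so the "rate-limiting middleware" the supplier refers to can be Symfony's own login throttling rather than an external component. The following configuration is an added example for this advisory, not code from Sylius or from the advisory itself. It assumes the `symfony/rate-limiter` package is installed (`composer require symfony/rate-limiter`) and that the project's `config/packages/security.yaml` defines firewalls named `shop`, `admin` and `new_api_shop_user`; those names are assumptions and must be matched to the firewalls actually present in the deployment. Only the `login_throttling` key is shown; the existing `pattern`, `form_login`/`json_login` and other keys of each firewall stay as they are.

```yaml
# config/packages/security.yaml -- added example, not Sylius project code.
# Firewall names (shop, admin, new_api_shop_user) are assumed; check your own file.
security:
    firewalls:
        # Storefront customer login form.
        shop:
            login_throttling:
                # Failed attempts allowed per (username, client IP) within the interval.
                # Symfony's default limiter additionally caps a single IP at
                # 5 * max_attempts across all usernames, which blunts password spraying.
                max_attempts: 5
                interval: '15 minutes'

        # Admin panel login form: fewer attempts, same window.
        admin:
            login_throttling:
                max_attempts: 3
                interval: '15 minutes'

        # JSON/JWT token login used by the API; json_login is an authenticator,
        # so the same throttling applies. Exceeding the limit yields a 401 with
        # "Too many failed login attempts" instead of "Invalid credentials".
        new_api_shop_user:
            login_throttling:
                max_attempts: 5
                interval: '15 minutes'
```

Two deployment checks matter before relying on this. First, the counters live in the `cache.rate_limiter` pool (by default the application cache), so on a multi-node deployment that pool must be a shared backend such as Redis, otherwise every node keeps its own count and the effective limit is multiplied by the node count. Second, the per-IP counter uses the client IP as Symfony sees it: behind a load balancer or CDN, `framework.trusted_proxies` and `trusted_headers` must be set so the real client address is used, or every visitor shares the proxy's IP (one attacker locks out all users) and a spoofed `X-Forwarded-For` can be used to reset the counter. To verify, send more failed logins than `max_attempts` for one username from one address within the interval and confirm that the response changes from the invalid-credentials error to the too-many-attempts error.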

Weakness Enumeration

CWE-307: Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2024-57610
GHSA-2hjh-495w-hmxc

Affected Products

Sylius