pwpush

RubyGems2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting pwpushpage 1 of 1

CVE-2024-52796MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.49.0
2024-11-20
vulnerable: 0.1.0
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad …
CVE-2024-56733MEDIUMCVSS 5.7EG 5.7
2024-12-30
vulnerable: 0.1.0
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potential…

Check whether pwpush is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for pwpush CVEs against the assets you own.

Start Free Scan →