{"id":"PYSEC-2021-339","details":"Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'.","aliases":["CVE-2020-18698","GHSA-h6r2-pgvx-683c"],"modified":"2025-10-09T07:29:16.973313Z","published":"2021-08-16T18:15:00Z","references":[{"type":"REPORT","url":"https://github.com/TaleLin/lin-cms-flask/issues/27"}],"affected":[{"package":{"name":"lin-cms","ecosystem":"PyPI","purl":"pkg:pypi/lin-cms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.1.1a1","0.1.1a2","0.1.1a3","0.1.1a4","0.1.1a5","0.1.1a6","0.1.1a7","0.1.1a8","0.1.1b1","0.1.1b2","0.1.1b3","0.1.1b4","0.2.0b1","0.2.0b2","0.2.0b3","0.3.0a10","0.3.0a2","0.3.0a3","0.3.0a4","0.3.0a5","0.3.0a6","0.3.0a7","0.3.0a8","0.3.0a9","0.3.1","0.4.0","0.4.2","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.10","0.4.11","0.4.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/lin-cms/PYSEC-2021-339.yaml"}}],"schema_version":"1.7.3"}