### [CVE-2022-35925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35925)
![](https://img.shields.io/static/v1?label=Product&message=bookwyrm&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%3A%20Improper%20Authentication&color=brighgreen)

### Description

BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.

### POC

#### Reference
- https://huntr.dev/bounties/ebee593d-3fd0-4985-bf5e-7e7927e08bf6/

#### Github
No PoCs found on GitHub currently.