Vulnerabilities > Embedthis > Goahead > 4.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-25 | CVE-2021-43298 | Improper Restriction of Excessive Authentication Attempts vulnerability in Embedthis Goahead The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. | 9.8 |
| 2021-10-14 | CVE-2021-42342 | Unrestricted Upload of File with Dangerous Type vulnerability in Embedthis Goahead An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. | 9.8 |
| 2020-07-23 | CVE-2020-15688 | Authentication Bypass by Capture-replay vulnerability in Embedthis Goahead The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. | 8.8 |
| 2019-11-22 | CVE-2019-19240 | Use of Uninitialized Resource vulnerability in Embedthis Goahead Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. | 5.3 |
| 2019-06-14 | CVE-2019-12822 | Expression Language Injection vulnerability in Embedthis Goahead In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. | 7.5 |