Vulnerabilities > Embedthis > Goahead > 5.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-25 | CVE-2021-43298 | Improper Restriction of Excessive Authentication Attempts vulnerability in Embedthis Goahead The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. | 9.8 |
| 2021-10-14 | CVE-2021-42342 | Unrestricted Upload of File with Dangerous Type vulnerability in Embedthis Goahead An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. | 9.8 |
| 2020-07-23 | CVE-2020-15688 | Authentication Bypass by Capture-replay vulnerability in Embedthis Goahead The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. | 8.8 |
| 2019-12-03 | CVE-2019-5097 | Infinite Loop vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1 A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 7.5 |
| 2019-12-03 | CVE-2019-5096 | Use After Free vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1 An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 9.8 |