EPSS percentile: 68.0%
sorcery uses improper session management. The vulnerability allows a brute-force attack to be carried out against password authentication, because the expired protection is not re-enabled after the first lockout period.
github.com/Sorcery/sorcery/commit/0f116d223826895a73b12492f17486e5d54ab7a7
github.com/Sorcery/sorcery/issues/231
github.com/Sorcery/sorcery/pull/235
github.com/Sorcery/sorcery/security/advisories/GHSA-jc8m-cxhj-668x