The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| moin(PyPI) | 0 | 1.6.1 | N/A |
CVSS Metrics
