exploitDog

GHSA-28wr-h897-6hmv

Опубликовано: 10 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 2.1

CVSS3: 7.5

Описание

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

Ссылки

EPSS

Процентиль: 11%

0.00039

Низкий

2.1 Low

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-348

Связанные уязвимости

CVE-2025-27913

CVSS3: 7.5

nvd

8 месяцев назад

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

EPSS

Процентиль: 11%

0.00039

Низкий

2.1 Low

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-348