Описание
FullStackHero's WebAPI Boilerplate host header injection vulnerability
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.
Пакеты
Наименование
FullStackHero.WebAPI.Boilerplate
nuget
Затронутые версииВерсия исправления
>= 1.0.0, <= 1.0.1
Отсутствует
Связанные уязвимости
CVSS3: 8.1
nvd
почти 2 года назад
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.