GHSA-7rc8-5c8q-jr6j

Опубликовано: 20 окт. 2025

Источник: github

Github: Прошло ревью

CVSS3: 7.1

Описание

Taguette password reset link poisoning

Impact

An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim.

Patches

Users should upgrade to Taguette 1.5.0.

References

https://gitlab.com/remram44/taguette/-/issues/331

Ссылки

Пакеты

Наименование

taguette

pip

Затронутые версииВерсия исправления

< 1.5.0

1.5.0

EPSS

Процентиль: 10%

0.00036

Низкий

7.1 High

CVSS3

CVE ID

CVE-2025-62527

Дефекты

CWE-15

Связанные уязвимости

CVE-2025-62527

CVSS3: 7.1

nvd

4 месяца назад

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.

EPSS

Процентиль: 10%

0.00036

Низкий

7.1 High

CVSS3

CVE ID

CVE-2025-62527

Дефекты

CWE-15