Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-cv25-3gmg-c6m8

Опубликовано: 06 янв. 2022
Источник: github
Github: Прошло ревью
CVSS3: 8.8

Описание

Injection in UserFrosting

In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.

Ссылки

Пакеты

Наименование

userfrosting/userfrosting

composer
Затронутые версииВерсия исправления

>= 0.3.1, < 4.6.3

4.6.3

EPSS

Процентиль: 82%
0.01758
Низкий

8.8 High

CVSS3

CVE ID

CVE-2021-25994

Дефекты

CWE-74

Связанные уязвимости

nvd логотип

CVE-2021-25994

CVSS3: 8.8
nvd
около 4 лет назад

In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.

EPSS

Процентиль: 82%
0.01758
Низкий

8.8 High

CVSS3

CVE ID

CVE-2021-25994

Дефекты

CWE-74