Описание
Answer vulnerable to account takeover because password reset links do not expire
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.6 is vulnerable to account takeover because the password reset link does not expire.
Пакеты
Наименование
github.com/answerdev/answer
go
Затронутые версииВерсия исправления
< 1.0.6
1.0.6
Связанные уязвимости
CVSS3: 8.8
nvd
почти 3 года назад
Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6.