Описание
A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information
EPSS
Процентиль: 33%
0.00131
Низкий
7.3 High
CVSS3
Дефекты
CWE-1336
Связанные уязвимости
CVSS3: 4.3
github
12 месяцев назад
CouchAuth has a Server-Side Template Injection vulnerability in its email functionality
EPSS
Процентиль: 33%
0.00131
Низкий
7.3 High
CVSS3
Дефекты
CWE-1336