fix: [security] Password confirmation bypass in user edit
- optional password confirmation can be potentially circumvented
  - fooling the user edit via a request that sets accept:application/json whilst posting form content
- as reported by Dawid Czarnecki of Zigrin Security on behalf of the Luxembourg Army