FullStackHero's WebAPI Boilerplate host header injection vulnerability
Moderate severity
GitHub Reviewed
Published
Feb 29, 2024
to the GitHub Advisory Database
•
Updated Aug 28, 2024
Package
Affected versions
>= 1.0.0, <= 1.0.1
Patched versions
None
Description
Published by the National Vulnerability Database
Feb 29, 2024
Published to the GitHub Advisory Database
Feb 29, 2024
Reviewed
Mar 1, 2024
Last updated
Aug 28, 2024
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.
References