mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 13:36:56 +00:00
28 lines
1.0 KiB
JSON
28 lines
1.0 KiB
JSON
{
|
|
"id": "CVE-2023-38877",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2023-09-28T04:15:12.280",
|
|
"lastModified": "2023-09-28T12:44:04.973",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38877",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/gugoan/economizzer/",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://www.economizzer.org",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |