GHSA-75x2-6h4m-h6mx

Source

https://github.com/advisories/GHSA-75x2-6h4m-h6mx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-75x2-6h4m-h6mx/GHSA-75x2-6h4m-h6mx.json

Aliases

CVE-2024-26470

Published

2024-02-29T03:33:18Z

Modified

2024-03-01T17:13:54.189094Z

Details

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-26470
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470
https://github.com/fullstackhero/dotnet-webapi-boilerplate
https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate

Affected packages

NuGet / FullStackHero.WebAPI.Boilerplate

Package

Name: FullStackHero.WebAPI.Boilerplate

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Last affected

1.0.1

Affected versions

1.*

1.0.0