GHSA-7rc8-5c8q-jr6j

Source

https://github.com/advisories/GHSA-7rc8-5c8q-jr6j

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-7rc8-5c8q-jr6j/GHSA-7rc8-5c8q-jr6j.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7rc8-5c8q-jr6j

Aliases

CVE-2025-62527

Published

2025-10-20T20:08:45Z

Modified

2025-10-22T17:12:15.899028Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS Calculator

Summary

Taguette password reset link poisoning

Details

Impact

An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim.

Patches

Users should upgrade to Taguette 1.5.0.

References

https://gitlab.com/remram44/taguette/-/issues/331

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2025-10-20T20:15:37Z",
    "cwe_ids": [
        "CWE-15"
    ],
    "github_reviewed_at": "2025-10-20T20:08:45Z",
    "severity": "HIGH"
}

References

Affected packages

PyPI / taguette

Package

Name: taguette; View open source insights on deps.dev
Purl: pkg:pypi/taguette

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.0

Affected versions

0.*

0.0

0.0.1

0.1

0.2

0.3

0.4

0.4.1

0.4.2

0.4.3

0.4.4

0.5.post1

0.6

0.7

0.8

0.9

0.9.1

0.9.2

0.10

0.10.1

0.11

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.2.0

1.3.0

1.4.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-7rc8-5c8q-jr6j/GHSA-7rc8-5c8q-jr6j.json"