CVE-2020-27687
Published
CVSS v3
8.8
HIGH
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT
Description
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.
Open-source IoT Platform - Device management, data collection, processing and visualization.
GitHub