CVE-2024-26470

Published
View on NVD ↗
CVSS v3
8.1
HIGH
CVSS v2
N/A
Affected
3
PROJECTS

Description

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.

dub-flow/vulnerability-research
dub-flow/vulnerability-research
This repository contains information on the CVEs I found.
GitHubGitHub
53
FullStackHero.WebAPI.Boilerplate
FullStackHero.WebAPI.Boilerplate
Clean Architecture Template for .NET 7.0 WebAPI built with Multitenancy Support.
NuGet GalleryNuGet Gallery
fullstackhero/dotnet-starter-kit
fullstackhero/dotnet-starter-kit
Production Grade Cloud-Ready .NET 10 Starter Kit (Web API + React Client) with Multitenancy Support, and Clean/Modular Architecture that saves roughly 200+ Development Hours! All Batteries Included.
GitHubGitHub
6.49K