CVE-2024-45522

Published September 2nd, 2024

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.

Linen-dev/linen.dev

Lightweight Google-searchable Slack alternative for Communities

GitHub

2.77K