CVE-2025-70948

Published
CVSS v3: 9.3 (CRITICAL)
CVSS v2: N/A
Affected: 2 projects

Description

A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and take over accounts by spoofing the HTTP Host header.

Powerful authentication for APIs and apps using CouchDB (or Cloudant) with Node >= 14
GitHub
78
Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript.
NPM