Lucene search
GoogleOSV:CVE-2020-27687HistoryDec 18, 2020 - 7:15 p.m.
CVE-2020-27687
2020-12-1819:15:14
Google
osv.dev
6
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.
| CPE | Name | Operator | Version |
|---|---|---|---|
| thingsboard | eq | 1.3.1 | |
| thingsboard | eq | 1.2.1 | |
| thingsboard | eq | 2.4 | |
| thingsboard | eq | 2.0.1 | |
| thingsboard | eq | 1.3 | |
| thingsboard | eq | 2.1.2 | |
| thingsboard | eq | 2.4.3 | |
| thingsboard | eq | 1.1 | |
| thingsboard | eq | 2.5 | |
| thingsboard | eq | 2.4.2 |
Related
cve
cve
CVE-2020-27687
2020-12-18 19:15:14
cvelist
cvelist
CVE-2020-27687
2020-12-18 18:27:23
prion
prion
Design/Logic Flaw
2020-12-18 19:15:00
nvd
nvd
CVE-2020-27687
2020-12-18 19:15:14