7 matches found
CouchAuth Security Vulnerability
CouchAuth is an authentication API developed by Perfood. Version 0.26.0 of CouchAuth contains a security vulnerability. This vulnerability stems from observable time differences, which may allow access to sensitive information through timing side channels...
CouchAuth Security Vulnerability
CouchAuth is an authentication API developed by Perfood. Version 0.26.0 of CouchAuth contains a security vulnerability. This vulnerability stems from a potential host header injection in the email component, which could lead to the acquisition of reset tokens and account takeover attacks...
CouchAuth Security Vulnerability
CouchAuth is a Perfood open source authentication API. A security vulnerability exists in CouchAuth version 0.21.2, which stems from session tokens and passwords being stored in JavaScript objects and not explicitly cleared, which could lead to sensitive data disclosure and session hijacking...
CouchAuth has a Server-Side Template Injection vulnerability in its email functionality
A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger an SSTI which can be leveraged to run limited commands or leak server-side information...
GHSA-R385-C5FC-X56C CouchAuth has a Server-Side Template Injection vulnerability in its email functionality
A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger an SSTI which can be leveraged to run limited commands or leak server-side information...
CouchAuth Injection Vulnerability
CouchAuth is a Perfood open source authentication API. An injection vulnerability exists in CouchAuth 0.21.2 and earlier versions, which stems from the presence of host header injection in NPM packages, allowing an attacker to trigger an SSTI via a specially crafted request to disclose informatio...
CouchAuth Security Breach
CouchAuth is an authentication API. A security vulnerability exists in CouchAuth version 0.20.0 and prior versions, which stems from a password reset link that can be sent to a user by sending a specially crafted host header in a forgotten password request, which, if clicked, could allow an...