EUVD-2025-34769
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset magic links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header or exploit a misconfigured proxy/load-balancer that forwards the header unchanged can cause reset lin...
CVE-2025-61536
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset magic links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header or exploit a misconfigured proxy/load-balancer that forwards the header unchanged can cause reset lin...
Dev jobs handlebars security vulnerability
Dev jobs handlebars is a job search program by Felix, an individual developer. A security vulnerability exists in Dev jobs handlebars version 1.0 that stems from the use of the untrusted req.headers.host header to generate an absolute password-reset link while forcing the http scheme, which cou...
CVE-2025-61536
FelixRiddle dev-jobs-handlebars 1.0 is affected by CVE-2025-61536. The issue arises from generating absolute password-reset (magic) links using the untrusted req.headers.host header and forcing the http:// scheme. This allows an attacker who can control the Host header (or a misconfigured proxy/l...