laravel/laravel is vulnerable to malicious password resetting. The vulnerability exists because an attacker who knows the target's e-mail address can send proxied password reset requests through a running Akaunting instance.
github.com/advisories/GHSA-246r-r2wf-frhx
github.com/laravel/laravel/commit/b7cde8b495e183f386da63ff7792e0dea9cfcf56
github.com/laravel/laravel/pull/5477
www.laravel-enlightn.com/docs/security/host-injection-analyzer.html
www.rapid7.com/blog/post/2021/07/27/multiple-open-source-web-app-vulnerabilities-fixed/