CVE-2020-27687
N/A
N/A
Summary
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/thingsboard/thingsboard/commits/master
- https://gist.github.com/vin01/26a8bb13233acd9425e7575a7ad4c936
References
- https://github.com/thingsboard/thingsboard/commits/master
- https://gist.github.com/vin01/26a8bb13233acd9425e7575a7ad4c936
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.