Vulnerabilities

CVE-2020-27687

by Fred · 18/12/2020

ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.

Date published : 2020-12-18

https://gist.github.com/vin01/26a8bb13233acd9425e7575a7ad4c936

https://github.com/thingsboard/thingsboard/commits/master

Similar

Tags: Cybersecurity Alert