Vulnerability Details CVE-2024-26470
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.4%
CVSS Severity
CVSS v3 Score 8.1
References
- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470
- https://github.com/fullstackhero/dotnet-webapi-boilerplate
- https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate
- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470
- https://github.com/fullstackhero/dotnet-webapi-boilerplate
- https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate
Products affected by CVE-2024-26470
-
cpe:2.3:a:fullstackhero:.net_9_starter_kit:1.0.0
-
cpe:2.3:a:fullstackhero:.net_9_starter_kit:1.0.1