Shynet before 0.14.0 allows Host header injection in the password reset flow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 6.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L | 1.6 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| shynet | shynet | * |