Unrated severityNVD Advisory· Published Dec 18, 2020· Updated Aug 4, 2024
CVE-2020-27687
CVE-2020-27687
Description
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- ThingsBoard/ThingsBoarddescription
- Range: <3.2
Patches
Vulnerability mechanics
References
2- gist.github.com/vin01/26a8bb13233acd9425e7575a7ad4c936mitrex_refsource_MISC
- github.com/thingsboard/thingsboard/commits/mastermitrex_refsource_MISC
News mentions
0No linked articles in our index yet.