NuGet package
serenity.net.web
pkg:nuget/serenity.net.web
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-31287 | — | < 6.7.0 | 6.7.0 | Apr 27, 2023 | An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the passwor | ||
| CVE-2023-31286 | — | < 6.7.0 | 6.7.0 | Apr 27, 2023 | An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. |
- CVE-2023-31287Apr 27, 2023affected < 6.7.0fixed 6.7.0
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the passwor
- CVE-2023-31286Apr 27, 2023affected < 6.7.0fixed 6.7.0
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist.