Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted `req.headers.host` header and forces the `http://` scheme. An attacker who can control the `Host` header (or exploit a misconfigured proxy/load-balancer that forwards the header unchanged) can cause reset links to point to attacker-controlled domains or be delivered via insecure HTTP, enabling token theft, phishing, and account takeover.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dev jobs handlebars 安全漏洞
Vulnerability Description
Dev jobs handlebars是Felix个人开发者的一个求职软件。 Dev jobs handlebars 1.0版本存在安全漏洞,该漏洞源于使用不受信任的req.headers.host标头生成绝对密码重置链接并强制使用http方案,可能导致令牌窃取、钓鱼攻击和账户接管。
CVSS Information
N/A
Vulnerability Type
N/A