CVE-2024-57177 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A host header injection vulnerability exists in the NPM package of perfood/couch-auth
High CVSS: 7.3

CVE-2024-57177

A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information
Vendor
-
Product
-
CWE
CWE-1336
Yayın Tarihi
2025-02-10 20:15:41
Güncelleme
2025-12-17 16:16:04
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-1336 HIGH 2025

Referanslar

https://github.com/perfood/couch-auth https://github.com/waristea/cve-research/tree/main/CVE-2024-57177