CVE-2025-53373

High CVSS: 8.9

Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b.
Vendor: -
Product: -
CWE: CWE-640
Published: 2025-07-07 16:15:24
Updated: 2025-07-08 16:18:34
Source Identifier: security-advisories@github.com
KEV Date Added: -
