Pepicrft

**Name of the Vulnerable Software and Affected Versions** Tuist versions prior to 1.180.10 **Description** The forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account because there is no server-side throttling. In self-hosted deployments, this can be used to send large volumes of unwanted email and consume downstream email delivery resources. **Recommendations** Update to version 1.180.10.