PT-2023-12928 · Tooljet

Chris Grieger · Published 2023-04-26 · Updated 2023-05-04 · CVE-2022-27978

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Tooljet version 1.6

Description: The issue arises from the improper handling of missing values in the API, allowing attackers to send a crafted HTTP request to arbitrarily reset passwords.

Recommendations: For Tooljet version 1.6, consider restricting access to the password reset functionality until a proper fix is implemented to handle missing values in the API. As a temporary workaround, avoid using the password reset feature via the API to minimize the risk of exploitation.

Weakness Enumeration: Improper Handling of Exceptional Conditions

Related Identifiers: CVE-2022-27978

Affected Products: Tooljet