CVE-2024-45980

Name of the Vulnerable Software and Affected Versions MEANStore version 1.0

Description A host header injection issue allows attackers to obtain the password reset token via user interaction with a crafted password reset link, enabling them to reset other users' passwords and compromise their accounts.

Recommendations For MEANStore version 1.0, as a temporary workaround, consider restricting user interaction with password reset links until a patch is available. Additionally, avoid using crafted links that could exploit the host header injection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.