PT-2024-31867 · Unknown · Bookreviewlibrary

Sourajeet Majumder · Published 2024-09-26 · Updated 2024-10-01 · CVE-2024-45981

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: BookReviewLibrary version 1.0

Description: A host header injection issue lets an attacker obtain a user's password reset token. By manipulating the Host header, the attacker causes the application to generate a crafted password reset link; when the user interacts with that link, the token is exposed, which can lead to unauthorized access to sensitive information.

Recommendations: For BookReviewLibrary version 1.0, consider disabling the password reset functionality until a patch is available, to prevent exploitation of the host header injection issue. Restrict access to password reset links to minimize the risk of attackers crafting malicious links. Avoid using user-interaction-based password reset mechanisms in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
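The root cause described above is a reset link built from the client-supplied Host header. The following is an added illustration, not code from BookReviewLibrary or from the advisory: it places the vulnerable pattern beside a hardened one that validates the Host header against an allow-list and builds the link from a server-side configured origin. The host names, the allow-list and the token value are constructed for the example.

```python
# Added example (not BookReviewLibrary's code): password reset link construction,
# vulnerable form versus hardened form, with a helper a reviewer can use to
# check whether a generated link points outside the application's own origin.
from urllib.parse import quote

# Constructed sample configuration: the application's canonical origin and the
# set of Host values it is willing to serve. Both live server-side, never in the request.
CANONICAL_BASE = "https://books.example.com"
ALLOWED_HOSTS = {"books.example.com"}


def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """Vulnerable pattern: the link's host comes straight from the Host header,
    so whoever controls that header controls where the token is sent."""
    host = headers.get("Host", "")
    return f"https://{host}/reset-password?token={quote(token)}"


def build_reset_link_hardened(headers: dict, token: str) -> str:
    """Hardened pattern: refuse requests whose Host is not on the allow-list,
    and build the link from the configured canonical origin, not the header."""
    host = headers.get("Host", "").split(":")[0].lower()  # drop any :port suffix
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"unexpected Host header: {host!r}")
    return f"{CANONICAL_BASE}/reset-password?token={quote(token)}"


def link_leaves_origin(link: str) -> bool:
    """Detection helper: True when a reset link does not stay on the canonical origin."""
    return not link.startswith(CANONICAL_BASE + "/")


if __name__ == "__main__":
    token = "constructed-sample-token"
    spoofed = {"Host": "attacker.invalid"}  # constructed, client-controlled value
    bad_link = build_reset_link_vulnerable(spoofed, token)
    print("vulnerable:", bad_link, "leaves origin:", link_leaves_origin(bad_link))
    try:
        build_reset_link_hardened(spoofed, token)
    except ValueError as err:
        print("hardened rejected request:", err)
    good_link = build_reset_link_hardened({"Host": "books.example.com:443"}, token)
    print("hardened:", good_link, "leaves origin:", link_leaves_origin(good_link))
```

The same allow-list check belongs in front of every place the application derives a URL from the request, not only the reset handler.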

Exploit

Open Redirect

Weakness Enumeration

Related Identifiers: CVE-2024-45981

Affected Products: Bookreviewlibrary