PT-2024-31868 · Scheduler

Sourajeet Majumder · Published 2024-09-26 · Updated 2024-10-01

CVE-2024-45982
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: scheduleR version 0.0.18

Description: A host header injection vulnerability allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This enables attackers to arbitrarily reset other users' passwords and compromise their accounts.

Recommendations: For scheduleR version 0.0.18, consider disabling the password reset functionality until a patch is available to prevent exploitation of the host header injection vulnerability. Restrict access to the password reset link to minimize the risk of account compromise.
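The root cause described above is a reset link whose origin is copied from the incoming `Host` header, so the token ends up embedded in a URL the application did not choose. The following is an added illustration, not scheduleR's own code and not the fix shipped for CVE-2024-45982: it places the Host-derived builder next to a hardened builder that takes the origin from server configuration, validates the request host against an allowlist, and honours a kill switch matching the advisory's advice to disable the reset flow. All names, hosts and the token value are constructed for the example.

```python
"""Password reset link construction: Host-header-derived (vulnerable) vs. configured origin (hardened).

Added example for the advisory above; names and values are constructed, not from scheduleR.
"""
from urllib.parse import urlsplit

# Constructed configuration for the example. In a real deployment these come from
# server-side settings, never from anything in the HTTP request.
CANONICAL_BASE_URL = "https://scheduler.example.internal"
TRUSTED_HOSTS = {"scheduler.example.internal"}
PASSWORD_RESET_ENABLED = True  # set False to disable the flow, as the advisory recommends
RESET_TOKEN = "constructed-token-0123456789abcdef"  # constructed sample token


def build_reset_link_from_host(headers: dict, token: str) -> str:
    """Vulnerable pattern: the link origin is whatever the request claimed as its host.

    Because the value is attacker-influenced, the secret token is placed into a URL
    pointing at a host the application never verified.
    """
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}/reset-password?token={token}"


def host_is_trusted(headers: dict) -> bool:
    """Hardened check: accept the request only if its Host is on the configured allowlist."""
    host = headers.get("Host", "").split(":", 1)[0].strip().lower()
    return host in TRUSTED_HOSTS


def build_reset_link(token: str, base_url: str = CANONICAL_BASE_URL) -> str:
    """Hardened pattern: the origin is taken from configuration, so no request field can steer it."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base_url must be an absolute https URL")
    return f"{parts.scheme}://{parts.netloc}/reset-password?token={token}"


def handle_reset_request(headers: dict, token: str):
    """Server-side decision for a reset request.

    Returns the link to e-mail, or None when the feature is disabled or the request's
    Host is not trusted (the request should then be rejected and logged).
    """
    if not PASSWORD_RESET_ENABLED:
        return None
    if not host_is_trusted(headers):
        return None
    return build_reset_link(token)


def reset_link_origin(link: str) -> str:
    """Helper for inspecting where a generated link would send the token."""
    parts = urlsplit(link)
    return f"{parts.scheme}://{parts.netloc}"


if __name__ == "__main__":
    # Constructed request headers: one with a Host the server does not own, one legitimate.
    untrusted = {"Host": "untrusted.example"}
    legitimate = {"Host": "scheduler.example.internal:443"}
    print("vulnerable builder origin:", reset_link_origin(build_reset_link_from_host(untrusted, RESET_TOKEN)))
    print("hardened builder origin:  ", reset_link_origin(build_reset_link(RESET_TOKEN)))
    print("untrusted host accepted?  ", handle_reset_request(untrusted, RESET_TOKEN) is not None)
    print("legitimate host accepted? ", handle_reset_request(legitimate, RESET_TOKEN) is not None)
```

The detection angle follows from `host_is_trusted`: a request to the reset endpoint whose `Host` (or `X-Forwarded-Host`) is outside the allowlist is worth logging as an anomaly even after the link builder is fixed, since it is the signal that someone is probing the flow.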

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2024-45982

Affected Products: Scheduler