PT-2026-23511 · Unknown · @Perfood/Couch-Auth

Published: 2026-03-05 · Updated: 2026-04-27 · CVE-2025-70948

CVSS v3.1: 9.3 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: @perfood/couch-auth version 0.26.0

Description: A host header injection flaw exists in the mailer component of @perfood/couch-auth. Because the mailer trusts the HTTP Host header of the incoming request, an attacker who manipulates that header can obtain reset tokens and potentially take over accounts. The affected component is used for authentication.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, validate and sanitize the Host header before the mailer component processes it.
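The following is an added example, not code from @perfood/couch-auth or from this advisory, showing the two defensive measures the recommendation points at: building mail links from a fixed, configured public origin instead of the request's Host header, and an allow-list check on the Host header that a workaround middleware can apply before any mailer code runs. The configuration values, hostnames, route path, token and the Express-style req/res shapes are constructed for the demonstration.

```javascript
// Added example (not couch-auth's own code): generating password-reset links
// without trusting the HTTP Host header, plus a Host allow-list middleware.

// Constructed deploy-time configuration. The public origin is the only
// source of truth for any link that ends up in outgoing mail; entries in
// allowedHosts must include a non-default port if one is actually used.
const config = {
  publicBaseUrl: 'https://app.example.com',
  allowedHosts: new Set(['app.example.com']),
};

// Unsafe pattern (for contrast): the link's origin is copied from the
// request's Host header, so whoever controls that header controls where
// the reset token is delivered.
function buildResetUrlFromHost(req, token) {
  return `https://${req.headers.host}/auth/password-reset?token=${encodeURIComponent(token)}`;
}

// Hardened pattern: the Host header is never consulted. The link is built
// from the configured origin and the token is URL-encoded by URLSearchParams.
function buildResetUrl(token, cfg = config) {
  const url = new URL('/auth/password-reset', cfg.publicBaseUrl);
  url.searchParams.set('token', token);
  return url.toString();
}

// Host allow-list check for the interim workaround: lower-case the value,
// reject anything that is not a plain hostname with an optional numeric
// port (this also rejects userinfo, paths, whitespace and IPv6 literals,
// which the constructed deployment does not expect), then require an exact
// match against the configured set.
function isAllowedHost(hostHeader, cfg = config) {
  if (typeof hostHeader !== 'string' || hostHeader.length === 0) return false;
  const host = hostHeader.trim().toLowerCase();
  if (!/^[a-z0-9.-]+(:\d{1,5})?$/.test(host)) return false;
  return cfg.allowedHosts.has(host);
}

// Express-style middleware (hypothetical wiring) that refuses a request
// whose Host header is not allow-listed before any authentication or
// mailer logic can see it. 421 Misdirected Request fits this case.
function requireAllowedHost(cfg = config) {
  return function (req, res, next) {
    if (!isAllowedHost(req.headers.host, cfg)) {
      res.statusCode = 421;
      res.end('Misdirected Request: unrecognised Host header');
      return;
    }
    next();
  };
}

// Runs the middleware against a constructed request and reports whether
// the request was passed through; used by the demonstration and the test.
function runMiddleware(req, cfg = config) {
  const res = { statusCode: 200, body: '', end(b) { this.body = b; } };
  let passed = false;
  requireAllowedHost(cfg)(req, res, () => { passed = true; });
  return { passed, statusCode: res.statusCode };
}

// Constructed requests standing in for Express req objects.
const legitimateReq = { headers: { host: 'app.example.com' } };
const spoofedReq = { headers: { host: 'attacker.example' } };

console.log('unsafe,   spoofed Host:', buildResetUrlFromHost(spoofedReq, 'tok123'));
console.log('hardened, spoofed Host:', buildResetUrl('tok123'));
console.log('legitimate passes middleware:', runMiddleware(legitimateReq).passed);
console.log('spoofed passes middleware:   ', runMiddleware(spoofedReq).passed);
```

The middleware is only a stop-gap: the durable fix is the second pattern, where the mailer never reads the Host header at all, so a missing or misconfigured allow-list cannot reintroduce the problem.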

Fix

Weakness Enumeration

Special Elements Injection

Related Identifiers

CVE-2025-70948
GHSA-QW8V-34WW-6Q9P

Affected Products

@Perfood/Couch-Auth