CVE-2020-27687

Posted on 2020년 12월 19일2020년 12월 19일 by admin

CVE-2020-27687

ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.

Source: CVE-2020-27687

답글 남기기 응답 취소