CVE-2021-25980

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-25980
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25980.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-25980
Published
2021-11-11T07:15:11Z
Modified
2025-01-08T10:34:57.967169Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Talkyard versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1, and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular are vulnerable to Host Header Injection. By luring a victim application user into clicking a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.

References

Affected packages

Git / github.com/debiki/talkyard

Affected ranges

Type
GIT
Repo
https://github.com/debiki/talkyard
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

atokentest

tyse-v0.*

tyse-v0.2021.02-879ef3fe1-regular
tyse-v0.2021.03-WIP-08651b327-dev
tyse-v0.2021.04-WIP-054ddae14-dev
tyse-v0.2021.05-WIP-a990d9a4c-dev
tyse-v0.2021.06-WIP-1fa610a8e-dev
tyse-v0.2021.07-WIP-1666910df-dev
tyse-v0.2021.08-639ccf013-regular
tyse-v0.2021.08-WIP-639ccf013-dev
tyse-v0.2021.09-WIP-15a6c2abb-dev
tyse-v0.2021.10-WIP-e846283fa-dev
tyse-v0.2021.10-e846283fa-regular
tyse-v0.2021.11-WIP-aa85ed592-dev
tyse-v0.2021.12-WIP-b45a9a961-dev
tyse-v0.2021.13-0228cfe28-regular
tyse-v0.2021.13-WIP-0228cfe28-dev
tyse-v0.2021.14-480447245-regular
tyse-v0.2021.14-WIP-480447245-dev
tyse-v0.2021.15-WIP-da7be0185-dev
tyse-v0.2021.16-WIP-b73ddf6e3-dev
tyse-v0.2021.17-WIP-f7b9884db-dev
tyse-v0.2021.17-f7b9884db-regular
tyse-v0.2021.18-WIP-79c41121d-dev
tyse-v0.2021.19-95292d527-regular
tyse-v0.2021.19-WIP-95292d527-dev
tyse-v0.2021.20-33a06102f-regular
tyse-v0.2021.20-WIP-33a06102f-dev
tyse-v0.2021.21-15177b939-regular
tyse-v0.2021.21-WIP-15177b939-dev
tyse-v0.2021.22-636270da5-regular
tyse-v0.2021.22-WIP-636270da5-dev
tyse-v0.2021.23-8ddc736ad-regular
tyse-v0.2021.23-WIP-8ddc736ad-dev
tyse-v0.2021.24-WIP-bb6e05390-dev
tyse-v0.2021.24-bb6e05390-regular
tyse-v0.2021.25-WIP-b73f32922-dev
tyse-v0.2021.25-b73f32922-regular
tyse-v0.2021.26-WIP-fc86e0436-dev
tyse-v0.2021.27-3e9e549c2-regular
tyse-v0.2021.27-WIP-3e9e549c2-dev
tyse-v0.2021.28-WIP-af66b6905-dev
tyse-v0.2021.28-af66b6905-regular

v0.*

v0.04.01
v0.2020.22-WIP-b2e97fe0e
v0.2020.23-WIP-c51ac795d
v0.2020.24-WIP-ba2442de3
v0.2020.24-ba2442de3
v0.2020.25-WIP-416586171
v0.2020.26-8bbe2b33e
v0.2020.26-WIP-8bbe2b33e
v0.2020.27-381ce151d
v0.2020.27-WIP-381ce151d
v0.2020.28-WIP-fa70a2c9d
v0.2020.28-fa70a2c9d
v0.2020.29-WIP-afff30f63
v0.2020.29-afff30f63
v0.2020.30-2a4189e88
v0.2020.30-WIP-2a4189e88
v0.2020.31-WIP-af3832ba0
v0.2020.31-af3832ba0
v0.2020.32-WIP-ba5639b23
v0.2020.32-ba5639b23
v0.2020.33-WIP-f2077676b
v0.2020.33-f2077676b
v0.2021.01-923ae76d3
v0.2021.01-WIP-923ae76d3
v0.2021.02-879ef3fe1
v0.2021.02-WIP-879ef3fe1
v0.4.2-ca43efe
v0.4.3-WIP-12-3b65032
v0.4.3-WIP-15-90dbb64
v0.4.3-WIP-16-491830e
v0.4.3-WIP-17-c9bd9e3
v0.4.3-WIP-18-2537760
v0.4.3-WIP-19-66c7951
v0.4.3-WIP-20-d10bfe1
v0.4.3-WIP-21-599f4e8
v0.4.3-WIP-22-35f7e5b
v0.4.3-WIP-23-9b38822
v0.4.3-WIP-5-2adcd11
v0.4.3-WIP-6-2adcd11
v0.4.3-WIP-8-39c417b
v0.4.3-WIP-9-ead4ca1
v0.4.4-55a2d15
v0.4.4-WIP-1-dd5db2a
v0.4.4-WIP-2-d66fd1e
v0.4.4-WIP-3-a7d8166
v0.4.4-WIP-4-829608a
v0.4.4-WIP-5-29a3aaf
v0.4.4-WIP-6-31b09aa
v0.4.4-WIP-7-fa0dd15
v0.4.4-WIP-8-614c2a4
v0.4.4-WIP-9-9892e21
v0.4.5-WIP-1-03ba618
v0.4.5-e6b486c
v0.4.6-WIP-1-fc0c277
v0.4.6-WIP-10-49ab4ff
v0.4.6-WIP-11-d0c5bb9
v0.4.6-WIP-12-6f32c50
v0.4.6-WIP-13-0ea79d3
v0.4.6-WIP-14-5f80e2a
v0.4.6-WIP-15-aae0a12
v0.4.6-WIP-16-7ab8b15
v0.4.6-WIP-16-c3d1a52
v0.4.6-WIP-2-6a386a0
v0.4.6-WIP-3-cfc2b6e
v0.4.6-WIP-4-4b5fa65
v0.4.6-WIP-5-01d1fa2
v0.4.6-WIP-6-61a78d2
v0.4.6-WIP-7-b8abb65
v0.4.6-WIP-8-164ff45
v0.4.6-WIP-9-09787d2
v0.4.7-f5b72f2
v0.4.8-WIP-1-42aff6e
v0.5.0-WIP-1-a6b585b
v0.5.0-WIP-2-f37f3be
v0.5.0-WIP-3-9d444b1
v0.5.0-WIP-4-6f60d0c
v0.6.0-8893090
v0.6.0-WIP-1-425770d
v0.6.1-576508b
v0.6.1-WIP-1-8ad607f
v0.6.1-WIP-2-2943dac
v0.6.1-WIP-3-3a1baa2
v0.6.10-WIP-1-2f56d4c
v0.6.11-WIP-1-7a253b5
v0.6.12-3f99a2c
v0.6.12-WIP-1-3f99a2c
v0.6.13-WIP-1-dd15bfa
v0.6.13-dd15bfa
v0.6.14-WIP-1-ea9c6c9
v0.6.14-ea9c6c9
v0.6.15-3250563
v0.6.15-WIP-1-3250563
v0.6.16-WIP-1-d4d67a1
v0.6.16-d4d67a1
v0.6.17-WIP-1-2950cc1
v0.6.18-WIP-1-443e447
v0.6.19-261f1de
v0.6.19-WIP-1-261f1de
v0.6.2-5d7e15e
v0.6.20-WIP-1-d29dfe9
v0.6.21-WIP-1-efd6624
v0.6.22-85e88ba
v0.6.22-WIP-1-85e88ba
v0.6.23-WIP-1-93a6b2a
v0.6.24-WIP-1-e5d0263
v0.6.24-e5d0263
v0.6.25-8a5d607
v0.6.25-WIP-1-8a5d607
v0.6.26-WIP-1-4936862
v0.6.27-53ec0df
v0.6.27-WIP-1-53ec0df
v0.6.28-17e33ad
v0.6.28-WIP-1-17e33ad
v0.6.29-WIP-1-5351dfe
v0.6.3-7704eb2
v0.6.30-WIP-1-0b723db
v0.6.31-162a3d2
v0.6.31-WIP-1-162a3d2
v0.6.32-WIP-1-b9e25e5
v0.6.33-84748d5
v0.6.33-WIP-1-84748d5
v0.6.34-WIP-1-386f799
v0.6.35-WIP-1-ef7fb05
v0.6.35-ef7fb05
v0.6.36-WIP-1-8649129
v0.6.37-69a25a9
v0.6.37-WIP-1-69a25a9
v0.6.38-WIP-1-32b87bb
v0.6.39-WIP-1-abdebb8
v0.6.4-564d7ab
v0.6.40-WIP-1-ace7f00
v0.6.41-WIP-1-02f7ae5
v0.6.42-WIP-1-1354a5a
v0.6.43-WIP-1-b2528e2
v0.6.43-b2528e2
v0.6.44-WIP-1-950ea40
v0.6.46-WIP-1-24b80c8
v0.6.47-493630d
v0.6.47-WIP-1-493630d
v0.6.48-WIP-1-dfee850
v0.6.49-535d684
v0.6.49-WIP-1-535d684
v0.6.5-WIP-1-af1a761
v0.6.5-WIP-2-f2b9696
v0.6.5-WIP-3-ad48bd0
v0.6.5-eae1ceb
v0.6.50-WIP-1-c07d47b
v0.6.51-163f5bd
v0.6.51-WIP-1-163f5bd
v0.6.52-WIP-1-8ec5349
v0.6.53-WIP-1-4953a4e
v0.6.54-WIP-1-93761d4
v0.6.55-WIP-1-6bd1128
v0.6.56-WIP-1-3c894e1
v0.6.57-WIP-1-a66e4de
v0.6.58-59fa7b2
v0.6.58-WIP-1-59fa7b2
v0.6.59-WIP-1-e335bc4
v0.6.6-WIP-1-a8c2a86
v0.6.6-WIP-2-ce61ac7
v0.6.6-ce61ac7
v0.6.60-WIP-1-a94fba8
v0.6.61-WIP-1-09cec7e
v0.6.62-WIP-1-57672f94f
v0.6.63-WIP-1-dafcf5f
v0.6.64-88b7485
v0.6.64-WIP-1-88b7485
v0.6.65-WIP-1-88e6586
v0.6.66-WIP-1-9204455
v0.6.67-WIP-1-20403d7
v0.6.68-WIP-1-c255d72
v0.6.68-c255d72
v0.6.69-WIP-1-f5313d2
v0.6.7-WIP-1-3192d08
v0.6.7-WIP-2-143b05f
v0.6.7-WIP-3-381e132
v0.6.7-WIP-4-ef6544c
v0.6.7-WIP-5-3f04853
v0.6.7-WIP-6-0cc6df7
v0.6.70-WIP-1-2362267
v0.6.71-WIP-1-e82ed31
v0.6.71-e82ed31
v0.6.72-WIP-1-aa16f5c
v0.6.72-aa16f5c
v0.6.73-WIP-1-af179bf
v0.6.73-af179bf
v0.6.74-63220cb
v0.6.74-WIP-63220cb
v0.6.8-WIP-1-eff2ca3
v0.6.8-WIP-2-e64f29c
v0.6.9-WIP-1-ad27a6e
v0.6.9-WIP-2-ff7a125
v0.6.9-WIP-3-75eef8f