CVE-2022-23079

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23079

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23079.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-23079

Published

2022-06-22T13:15:08.027Z

Modified

2025-11-14T12:57:08.165564Z

Summary

[none]

Details

In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.

References

Affected packages

Git / github.com/motor-admin/motor-admin

Affected ranges

Type: GIT
Repo: https://github.com/motor-admin/motor-admin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a461b7507940a1fa062836daa89c82404fe3ecf9

Affected versions

0.*

0.2.16

0.2.17

0.2.18

0.2.19

0.2.21

0.2.23

0.2.24

0.2.25

0.2.26

0.2.31

0.2.33

0.2.35

0.2.38

0.2.49

0.2.51

0.2.56