Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.
References
Configurations
History
No history.
Information
Published : 2023-04-26 16:15
Updated : 2025-02-03 19:15
NVD link : CVE-2022-27978
Mitre link : CVE-2022-27978
CVE.ORG link : CVE-2022-27978
JSON object : View
Products Affected
tooljet
- tooljet
CWE
CWE-755
Improper Handling of Exceptional Conditions