CVE-2024-42914

A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/soursec/CVEs/tree/main/CVE-2024-42914	Exploit Third Party Advisory
https://github.com/trquoccuong/ArrowCMS/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:arrowjs:arrowcms:1.0.0:*:*:*:*:node.js:*:*

History

21 Apr 2025, 14:40

Type	Values Removed	Values Added
First Time		Arrowjs arrowcms Arrowjs
References	~~() https://github.com/soursec/CVEs/tree/main/CVE-2024-42914 -~~	() https://github.com/soursec/CVEs/tree/main/CVE-2024-42914 - Exploit, Third Party Advisory
References	~~() https://github.com/trquoccuong/ArrowCMS/ -~~	() https://github.com/trquoccuong/ArrowCMS/ - Product
CPE		cpe:2.3:a:arrowjs:arrowcms:1.0.0:::::node.js::

Information

Published : 2024-08-23 19:15

Updated : 2025-04-21 14:40

NVD link : CVE-2024-42914

Mitre link : CVE-2024-42914

CVE.ORG link : CVE-2024-42914

JSON object : View

Products Affected

arrowjs

arrowcms

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2024-42914", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-08-23T19:15:07.010", "references": [{"url": "https://github.com/soursec/CVEs/tree/main/CVE-2024-42914", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/trquoccuong/ArrowCMS/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de encabezado de host en la funcionalidad de contrase\u00f1a olvidada de ArrowCMS versi\u00f3n 1.0.0. Al enviar un encabezado de host especialmente manipulado en la solicitud de contrase\u00f1a olvidada, es posible enviar enlaces de restablecimiento de contrase\u00f1a a los usuarios que, una vez que se hace clic, conducen a un servidor controlado por el atacante y, por lo tanto, filtran el token de restablecimiento de contrase\u00f1a. Esto puede permitir que un atacante restablezca las contrase\u00f1as de otros usuarios."}], "lastModified": "2025-04-21T14:40:46.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arrowjs:arrowcms:1.0.0:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "22863EC0-AC16-413E-BD61-952012CAA8B3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}