Security Advisory

CVE-2024-57177

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-10 00:00:00

Last updated 2025-12-17 15:56:55

Assigner mitre

State PUBLISHED

Description

A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information

← Browse all CVEs View on cve.org ↗