Vulnerabilities > CVE-2024-45522 - Unspecified vulnerability in Linen

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

linen

critical

NVD

Published: 2024-09-02

Updated: 2024-09-05

Summary

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.

Vulnerable Configurations

Part	Description	Count
Application	Linen Linen Linen *	1

References

https://github.com/Linen-dev/linen.dev/commit/cd37c3e88ec29f4e7baae7e32fe80d0137848d10