Vulnerabilities > Strapi > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-07 CVE-2019-18818 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Strapi
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
network
low complexity
strapi CWE-640
7.5
7.5