Vulnerabilities > Strapi > Strapi > 3.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-07 | CVE-2019-18818 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Strapi strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. | 7.5 |