strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| strapi(npm) | 0 | 3.0.0-beta.17.5 | N/A |
CVSS Metrics
