First published: Sat Sep 21 2019(Updated: )
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pagekit pagekit | =1.0.17 | |
composer/pagekit/pagekit | =1.0.17 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.