While working on the RetroUI project, I scanned the dependency manifest and found that it uses a vulnerable version of payload. The scan revealed an input validation issue in the password recovery flow, where an unauthenticated attacker may exploit the forgot-password functionality to perform actions on behalf of legitimate users, potentially leading to unauthorized account access.
CVE Report
CVE Link