← Back

CVE-2019-11514

nvd nist
Published: Apr 25, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.

Affected (10)

Products: Flarum: Flarum
Flarum
1 product
Flarum
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Flarum
Flarum
Version 0.1.0
Flarum
Version 0.1.0 beta2
Flarum
Version 0.1.0 beta3
Flarum
Version 0.1.0 beta4
Flarum
Version 0.1.0 beta5
Flarum
Version 0.1.0 beta6
Flarum
Version 0.1.0 beta7.1
Flarum
Version 0.1.0 beta7.2
Flarum
Version 0.1.0 beta7
Flarum
Version 0.1.0 beta

Related CWEs

CWE-459
Incomplete Cleanup
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

References (4)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.