Security Advisories | Source: GitHub Security Advisories
[@perfood/couch-auth] @perfood/couch-auth has a host header injection vulnerability
By GitHub, March 6, 2026
**[@perfood/couch-auth] @perfood/couch-auth has a host header injection vulnerability**
A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2025-70948
- https://gist.github.com/0xHunterr/38aab644874ca9f4646524c5b01cfe5e
- https://github.com/perfood/couch-auth
- https://www.npmjs.com/package/@perfood/couch-auth
- https://github.com/advisories/GHSA-qw8v-34ww-6q9p
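The class of bug the advisory describes, shown as an added example (not code from @perfood/couch-auth or from the advisory): a reset link whose origin is taken from the request's Host header, next to a version that takes the origin from server configuration and checks the Host header against an allowlist. All function names, the `/password-reset/` path, the hostnames and the token are constructed for illustration.

```javascript
// Added example. Hypothetical helper names; not the library's own code.

// Operator-configured values (constructed for this sketch).
const PUBLIC_BASE_URL = 'https://app.example.com';
const ALLOWED_HOSTS = new Set(['app.example.com']);

// Vulnerable pattern: the link origin is whatever the client sent as Host,
// so the e-mailed reset token ends up in a URL on a host the client chose.
function resetLinkFromHostHeader(req, token) {
  return `${req.protocol}://${req.headers.host}/password-reset/${token}`;
}

// Hardened: the origin comes only from configuration, never from the request.
function resetLinkFromConfig(token, baseUrl = PUBLIC_BASE_URL) {
  const url = new URL(`/password-reset/${encodeURIComponent(token)}`, baseUrl);
  if (url.protocol !== 'https:') throw new Error('reset links must use https');
  return url.toString();
}

// Defence in depth: refuse requests whose Host or X-Forwarded-Host is unexpected.
// A comma-separated X-Forwarded-Host list never matches and is rejected.
function hostIsAllowed(req, allowed = ALLOWED_HOSTS) {
  const candidates = [req.headers.host, req.headers['x-forwarded-host']]
    .filter((h) => h !== undefined);
  if (candidates.length === 0) return false;
  return candidates.every((h) => {
    const name = String(h).trim().toLowerCase().replace(/:\d+$/, '');
    return allowed.has(name);
  });
}

// Constructed sample requests and token.
const TOKEN = 'tok_constructed_123';
const spoofed = { protocol: 'https', headers: { host: 'attacker.example' } };
const genuine = { protocol: 'https', headers: { host: 'app.example.com:443' } };

console.log('from Host header:', resetLinkFromHostHeader(spoofed, TOKEN));
console.log('from config:     ', resetLinkFromConfig(TOKEN));
console.log('spoofed allowed? ', hostIsAllowed(spoofed));
console.log('genuine allowed? ', hostIsAllowed(genuine));
```

Behind a reverse proxy, the allowlist check belongs at the proxy as well, so that unexpected Host values never reach the application.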
---
**[devsupporter commentary]**
This article is one of the latest development updates provided by GitHub Security Advisories. To learn more about the related tools or technologies, see the original link.