Forem
Monthly
Authentication bypass in Forem (prior to commit a2ab6d4) allows remote attackers to circumvent email domain allowlist/denylist controls by submitting RFC 2047 encoded-word email addresses, enabling unauthorized registration on invite-only deployments. The flaw arises because the raw email string passes domain checks while downstream mail decoding resolves it to an attacker-controlled address, with no public exploit identified at time of analysis.
{id}. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication bypass in Forem (prior to commit a2ab6d4) allows remote attackers to circumvent email domain allowlist/denylist controls by submitting RFC 2047 encoded-word email addresses, enabling unauthorized registration on invite-only deployments. The flaw arises because the raw email string passes domain checks while downstream mail decoding resolves it to an attacker-controlled address, with no public exploit identified at time of analysis.
{id}. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.