CNNVD-202510-3234 Information

CNNVD ID

CNNVD-202510-3234

CVE-2025-61132

  • CNNVD Published: 2025-10-23

Description (Chinese)

braindump is a note-taking platform by independent developer Lev Lazinskiy. braindump version 0.4.14 contains a security vulnerability that stems from the password reset component failing to properly validate the Host header, which may lead to password reset poisoning and account takeover.

Description (English)

Braindump is a note-taking platform by independent developer Lev Lazinskiy. Version 0.4.14 of braindump contains a security vulnerability that arises from the password reset component failing to properly validate the Host header, which may lead to password reset poisoning and account takeover.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-10-23

Last Modified

2026-02-24

References

https://drive.google.com/file/d/1FmkctLdOTGMdy6GgLaTzfxemdVDeiA7J/view?usp=sharing
https://gist.github.com/BrookeYangRui/94c3bee0c2cbc1ed81a21d4448550c21
https://github.com/levlaz/braindump/blob/9640dd03f99851dbd34dd6cac98a747a4a591b01/app/auth/views.py#L131-L148
https://github.com/levlaz/braindump/blob/9640dd03f99851dbd34dd6cac98a747a4a591b01/app/templates/auth/email/reset_password.html#L1-L8
https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning
https://access.redhat.com/security/cve/cve-2025-61132