{"id":"CVE-2021-25980","details":"In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.","modified":"2026-05-14T13:08:57.773715Z","published":"2021-11-11T07:15:11.380Z","references":[{"type":"ADVISORY","url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25980"},{"type":"FIX","url":"https://github.com/debiki/talkyard/commit/4067e191a909ed06f250d09a40e43aa5edbb0289"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/debiki/talkyard","events":[{"introduced":"8e90aa7d2eb75c1e43026008c6a7a360a9c39eb8"},{"last_affected":"63220cb02e4036b9ad13b5636c3eccab52a2d16a"},{"introduced":"b2e97fe0e77f68ae5fe045c0be27d357a3124c6c"},{"last_affected":"879ef3fe1e622c6d169ed775af32a1999c4cb6c5"},{"introduced":"879ef3fe1e622c6d169ed775af32a1999c4cb6c5"},{"last_affected":"af66b690544d0c172d365b0129cca7779d4907ef"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0.04.01"},{"last_affected":"0.6.74-wip-63220cb"},{"introduced":"0.2020.22-wip-b2e97fe0e"},{"last_affected":"0.2021.02-wip-879ef3fe1"},{"introduced":"tyse-v0.2021.02-879ef3fe1-regular"},{"last_affected":"tyse-v0.2021.28-af66b6905-regular"}],"cpe":"cpe:2.3:a:talkyard:talkyard:*:*:*:*:*:*:*:*"}}],"versions":["tyse-v0.2021.28-af66b6905-regular","tyse-v0.2021.28-WIP-af66b6905-dev","tyse-v0.2021.27-WIP-3e9e549c2-dev","tyse-v0.2021.27-3e9e549c2-regular","tyse-v0.2021.26-WIP-fc86e0436-dev","tyse-v0.2021.25-b73f32922-regular","tyse-v0.2021.25-WIP-b73f32922-dev","tyse-v0.2021.24-bb6e05390-regular","tyse-v0.2021.24-WIP-bb6e05390-dev","tyse-v0.2021.23-WIP-8ddc736ad-dev","tyse-v0.2021.23-8ddc736ad-regular","tyse-v0.2021.22-WIP-636270da5-dev","tyse-v0.2021.22-636270da5-regular","tyse-v0.2021.21-WIP-15177b939-dev","tyse-v0.2021.21-15177b939-regular","tyse-v0.2021.20-WIP-33a06102f-dev","tyse-v0.2021.20-33a06102f-regular","tyse-v0.2021.19-WIP-95292d527-dev","tyse-v0.2021.19-95292d527-regular","tyse-v0.2021.18-WIP-79c41121d-dev","tyse-v0.2021.17-f7b9884db-regular","tyse-v0.2021.17-WIP-f7b9884db-dev","tyse-v0.2021.16-WIP-b73ddf6e3-dev","tyse-v0.2021.15-WIP-da7be0185-dev","tyse-v0.2021.14-WIP-480447245-dev","tyse-v0.2021.14-480447245-regular","tyse-v0.2021.13-WIP-0228cfe28-dev","tyse-v0.2021.13-0228cfe28-regular","tyse-v0.2021.12-WIP-b45a9a961-dev","tyse-v0.2021.11-WIP-aa85ed592-dev","tyse-v0.2021.10-e846283fa-regular","tyse-v0.2021.10-WIP-e846283fa-dev","tyse-v0.2021.09-WIP-15a6c2abb-dev","tyse-v0.2021.08-WIP-639ccf013-dev","tyse-v0.2021.08-639ccf013-regular","tyse-v0.2021.07-WIP-1666910df-dev","tyse-v0.2021.06-WIP-1fa610a8e-dev","tyse-v0.2021.05-WIP-a990d9a4c-dev","tyse-v0.2021.04-WIP-054ddae14-dev","tyse-v0.2021.03-WIP-08651b327-dev","v0.2021.02-WIP-879ef3fe1","v0.2021.02-879ef3fe1","tyse-v0.2021.02-879ef3fe1-regular","v0.6.74-WIP-63220cb","v0.6.74-63220cb","v0.6.73-af179bf","v0.6.73-WIP-1-af179bf","v0.6.72-aa16f5c","v0.6.72-WIP-1-aa16f5c","v0.6.71-e82ed31","v0.6.71-WIP-1-e82ed31","v0.6.70-WIP-1-2362267","v0.6.69-WIP-1-f5313d2","v0.6.68-c255d72","v0.6.68-WIP-1-c255d72","v0.6.67-WIP-1-20403d7","v0.6.66-WIP-1-9204455","v0.6.65-WIP-1-88e6586","v0.6.64-WIP-1-88b7485","v0.6.64-88b7485","v0.6.63-WIP-1-dafcf5f","v0.6.62-WIP-1-57672f94f","v0.6.61-WIP-1-09cec7e","v0.6.60-WIP-1-a94fba8","v0.6.59-WIP-1-e335bc4","v0.6.58-WIP-1-59fa7b2","v0.6.58-59fa7b2","v0.6.57-WIP-1-a66e4de","v0.6.56-WIP-1-3c894e1","v0.6.55-WIP-1-6bd1128","v0.6.54-WIP-1-93761d4","v0.6.53-WIP-1-4953a4e","v0.6.52-WIP-1-8ec5349","v0.6.51-WIP-1-163f5bd","v0.6.51-163f5bd","v0.6.50-WIP-1-c07d47b","v0.6.49-WIP-1-535d684","v0.6.49-535d684","v0.6.48-WIP-1-dfee850","v0.6.47-WIP-1-493630d","v0.6.47-493630d","v0.6.46-WIP-1-24b80c8","v0.6.44-WIP-1-950ea40","v0.6.43-b2528e2","v0.6.43-WIP-1-b2528e2","v0.6.42-WIP-1-1354a5a","v0.6.41-WIP-1-02f7ae5","v0.6.40-WIP-1-ace7f00","v0.6.39-WIP-1-abdebb8","v0.6.38-WIP-1-32b87bb","v0.6.37-WIP-1-69a25a9","v0.6.37-69a25a9","v0.6.36-WIP-1-8649129","v0.6.35-ef7fb05","v0.6.35-WIP-1-ef7fb05","v0.6.34-WIP-1-386f799","v0.6.33-WIP-1-84748d5","v0.6.33-84748d5","v0.6.32-WIP-1-b9e25e5","v0.6.31-WIP-1-162a3d2","v0.6.31-162a3d2","v0.6.30-WIP-1-0b723db","v0.6.29-WIP-1-5351dfe","v0.6.28-WIP-1-17e33ad","v0.6.28-17e33ad","v0.6.27-WIP-1-53ec0df","v0.6.27-53ec0df","v0.6.26-WIP-1-4936862","v0.6.25-WIP-1-8a5d607","v0.6.25-8a5d607","v0.6.24-e5d0263","v0.6.24-WIP-1-e5d0263","v0.6.23-WIP-1-93a6b2a","v0.6.22-WIP-1-85e88ba","v0.6.22-85e88ba","v0.6.21-WIP-1-efd6624","v0.6.20-WIP-1-d29dfe9","v0.6.19-WIP-1-261f1de","v0.6.19-261f1de","v0.6.18-WIP-1-443e447","v0.6.17-WIP-1-2950cc1","v0.6.16-d4d67a1","v0.6.16-WIP-1-d4d67a1","v0.6.15-WIP-1-3250563","v0.6.15-3250563","v0.6.14-ea9c6c9","v0.6.14-WIP-1-ea9c6c9","v0.6.13-dd15bfa","v0.6.13-WIP-1-dd15bfa","v0.6.12-WIP-1-3f99a2c","v0.6.12-3f99a2c","v0.6.11-WIP-1-7a253b5","v0.6.10-WIP-1-2f56d4c","v0.6.9-WIP-3-75eef8f","v0.6.9-WIP-2-ff7a125","v0.6.9-WIP-1-ad27a6e","v0.6.8-WIP-2-e64f29c","v0.6.8-WIP-1-eff2ca3","v0.6.7-WIP-6-0cc6df7","v0.6.7-WIP-5-3f04853","v0.6.7-WIP-4-ef6544c","v0.6.7-WIP-3-381e132","v0.6.7-WIP-2-143b05f","v0.6.7-WIP-1-3192d08","v0.6.6-ce61ac7","v0.6.6-WIP-2-ce61ac7","v0.6.6-WIP-1-a8c2a86","v0.6.5-eae1ceb","v0.6.5-WIP-3-ad48bd0","v0.6.5-WIP-2-f2b9696","v0.6.5-WIP-1-af1a761","v0.6.4-564d7ab","v0.6.3-7704eb2","v0.6.2-5d7e15e","v0.6.1-576508b","v0.6.1-WIP-3-3a1baa2","v0.6.1-WIP-2-2943dac","v0.6.1-WIP-1-8ad607f","v0.6.0-8893090","v0.5.0-WIP-4-6f60d0c","v0.5.0-WIP-3-9d444b1","v0.5.0-WIP-2-f37f3be","v0.5.0-WIP-1-a6b585b","v0.4.8-WIP-1-42aff6e","v0.4.7-f5b72f2","v0.4.6-WIP-16-c3d1a52","v0.4.6-WIP-16-7ab8b15","v0.4.6-WIP-15-aae0a12","v0.4.6-WIP-14-5f80e2a","v0.4.6-WIP-13-0ea79d3","v0.4.6-WIP-12-6f32c50","v0.4.6-WIP-11-d0c5bb9","v0.4.6-WIP-10-49ab4ff","v0.4.6-WIP-9-09787d2","v0.4.6-WIP-8-164ff45","v0.4.6-WIP-7-b8abb65","v0.4.6-WIP-6-61a78d2","v0.4.6-WIP-5-01d1fa2","v0.4.6-WIP-4-4b5fa65","v0.4.6-WIP-3-cfc2b6e","v0.4.6-WIP-2-6a386a0","v0.4.6-WIP-1-fc0c277","v0.4.5-e6b486c","v0.4.5-WIP-1-03ba618","v0.4.4-55a2d15","v0.4.4-WIP-9-9892e21","v0.4.4-WIP-8-614c2a4","v0.4.4-WIP-7-fa0dd15","v0.4.4-WIP-6-31b09aa","v0.4.4-WIP-5-29a3aaf","v0.4.4-WIP-4-829608a","v0.4.4-WIP-3-a7d8166","v0.4.4-WIP-2-d66fd1e","v0.4.4-WIP-1-dd5db2a","v0.4.3-WIP-23-9b38822","v0.4.3-WIP-22-35f7e5b","v0.4.3-WIP-21-599f4e8","v0.4.3-WIP-20-d10bfe1","v0.4.3-WIP-19-66c7951","v0.4.3-WIP-18-2537760","v0.4.3-WIP-17-c9bd9e3","v0.4.3-WIP-16-491830e","v0.4.3-WIP-15-90dbb64","v0.4.3-WIP-12-3b65032","v0.4.3-WIP-9-ead4ca1","v0.4.3-WIP-8-39c417b","v0.4.3-WIP-6-2adcd11","v0.4.3-WIP-5-2adcd11","v0.4.2-ca43efe","v0.04.01"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25980.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}