mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-28 13:22:39 +03:00
Ghost/ghost/magic-link/test
Fabien "egg" O'Carroll 28de1720c1 🔒 Fixed magic link endpoint sending multiple emails
refs https://github.com/TryGhost/Team/issues/2024

Without validation it was possible to send a string of comma-separated
email addresses to the endpoint, and an email would be sent to each
address, bypassing any rate limiting.

This bug does not allow for an authentication bypass exploit. It is purely a
spam email concern.

Credit: Sandip Maity <maitysandip925@gmail.com>
2022-10-05 10:28:13 +01:00
.eslintrc.js Updated Eslint ECMAScript compatibility to 2022 2022-08-09 15:51:40 +02:00
index.test.js 🔒 Fixed magic link endpoint sending multiple emails 2022-10-05 10:28:13 +01:00