TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-01 13:54:35 +03:00
Code Issues Projects Releases Wiki Activity
28de1720c1
Ghost/ghost/core/test/e2e-api
History
Fabien "egg" O'Carroll 28de1720c1 🔒 Fixed magic link endpoint sending multiple emails 
refs https://github.com/TryGhost/Team/issues/2024

Without validation it was possible to send a string of comma separated
email addresses to the endpoint, and an email would be sent to each
address, bypassing any rate limiting.

This bug does not allow for an authentication bypass exploit. It is purely a
spam email concern.

Credit: Sandip Maity <maitysandip925@gmail.com>
2022-10-05 10:28:13 +01:00
..
admin Added referrer attribution from request context (#15499) 2022-09-29 22:31:48 +05:30
content Increased Vary granularity for versioned requests 2022-09-28 14:48:43 +08:00
members 🔒 Fixed magic link endpoint sending multiple emails 2022-10-05 10:28:13 +01:00
members-comments Added temporary fix for random test failures in comments 2022-09-14 17:02:13 +02:00
shared Increased Vary granularity for versioned requests 2022-09-28 14:48:43 +08:00