mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-27 21:03:29 +03:00
28de1720c1
refs https://github.com/TryGhost/Team/issues/2024

Without validation it was possible to send a string of comma separated email addresses to the endpoint, and an email would be sent to each address, bypassing any rate limiting.

This bug does not allow for an authentication bypass exploit. It is purely a spam email concern.

Credit: Sandip Maity <maitysandip925@gmail.com>

| Name |
|---|
| .. |
| .eslintrc.js |
| index.test.js |