ГлавнаяУязвимости → CVE-2026-28213
9.8критическая

CVE-2026-28213

Описание

EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifying a target email address, the API response returns the password reset token. This allows an attacker to take over the associated account. Version 2.1.1 fixes the issue.

Затрагиваемое ПО
Evershop Evershop
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/evershopcommerce/evershop/releases/tag/v2.1.1https://github.com/evershopcommerce/evershop/security/advisories/GHSA-cg73-g723-39jw