
GHSA-579x-cjvr-cqj9

GitHub Security Advisory

Observable Response Discrepancy in Lost Password Service

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
It is possible to enumerate usernames via the forgot-password functionality.

### Patches
Update to version `10.1.3` or apply this patch manually: https://github.com/pimcore/pimcore/pull/10223.patch

### Workarounds
Apply https://github.com/pimcore/pimcore/pull/10223.patch manually.

Affected Packages

Packagist pimcore/pimcore
Affected versions: 0 (fixed in 10.1.3)

Related CVEs

Key Information

GHSA ID: GHSA-579x-cjvr-cqj9
Published: September 20, 2021 7:53 PM
Last Modified: September 17, 2021 6:38 PM
CVSS Score: 5.0/10
Primary Ecosystem: Packagist
Primary Package: pimcore/pimcore
GitHub Reviewed: ✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.