CVE-2024-57177

Published: Feb 10, 2025

Modified: Dec 17, 2025

PUBLISHED

Description

A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/perfood/couch-auth

https://github.com/waristea/cve-research/tree/main/CVE-2024-57177

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-57177

Description

Affected Products

References