Medium

lunary

Email Validation Bypass via Dot Character

A vulnerability in lunary versions <= v1.2.11 allows attackers to create multiple accounts using variations of the same email address by inserting dot characters. This issue was patched in a subsequent release.

Available publicly on Jun 16 2024

CVSS: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Credit: h2oa
Remediation Steps
  • Ensure email validation logic correctly normalizes email addresses by removing dot characters before the '@' symbol.
  • Implement additional checks to prevent the creation of multiple accounts with variations of the same email address.
  • Update the software to the latest patched version.
  • Conduct thorough testing to ensure the fix addresses the issue without introducing new vulnerabilities.
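
One way to implement the first two remediation steps, as an added example that is not lunary's own code: signups are compared on a canonical key with the dots before the '@' removed, while the address as typed is kept for delivery. The names canonicalEmail and AccountStore are hypothetical, and the case folding is an extra assumption beyond the dot handling described above.

```javascript
// Added example; canonicalEmail and AccountStore are hypothetical names.

// Build the key used for uniqueness checks: drop dots before '@' (the
// remediation above) and fold case (an extra assumption of this example).
function canonicalEmail(address) {
  if (typeof address !== "string") throw new TypeError("email must be a string");
  const trimmed = address.trim();
  const at = trimmed.lastIndexOf("@");
  if (at <= 0 || at === trimmed.length - 1) throw new Error("invalid email address");
  const local = trimmed.slice(0, at).replace(/\./g, "").toLowerCase();
  const domain = trimmed.slice(at + 1).toLowerCase(); // dots in the domain are kept
  if (local === "") throw new Error("invalid email address"); // local part was only dots
  return `${local}@${domain}`;
}

// In-memory stand-in for a users table with a UNIQUE index on the canonical key.
class AccountStore {
  constructor() {
    this.byCanonical = new Map();
  }
  register(address) {
    const key = canonicalEmail(address);
    const existing = this.byCanonical.get(key);
    if (existing) return { ok: false, reason: "duplicate", existing: existing.email };
    // Keep the address as typed for delivery; compare only on the canonical key.
    const account = { email: address.trim(), canonical: key };
    this.byCanonical.set(key, account);
    return { ok: true, account };
  }
}

// Constructed sample signups: three spellings of one mailbox, then a distinct one.
function demo() {
  const store = new AccountStore();
  return ["alice@example.com", "a.lice@example.com", "A.L.I.C.E@Example.com", "bob@example.com"]
    .map((e) => store.register(e).ok);
}
console.log(demo()); // [ true, false, false, true ]
```

In a real deployment the uniqueness rule belongs in the database as a constraint on the canonical column, so that two concurrent signups cannot both pass an application-level check.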
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A