Impact
A critical vulnerability was identified that allows a remote, unauthenticated attacker to fully compromise an account. To compromise an account, the attacker needs a valid username and email address combination.
Patches
Release version 0.14.7 fixes this issue. In the pre-releases, the fix is included from version 1.0.0-rainbow5 on.
Because of the low complexity of this vulnerability, it is strongly advised to apply the available patch immediately.