Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.Referenceshttp://tooljet.comhttps://github.com/fourcube/security-advisories/blob/main/security-advisories/20220320-tooljet.md
