A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header.Referenceshttps://www.npmjs.com/package/@perfood/couch-authhttps://github.com/perfood/couch-authhttps://gist.github.com/0xHunterr/38aab644874ca9f4646524c5b01cfe5e
