GHSA-j9gf-vw2f-9hrw: Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
A configuration-dependent origin validation bypass was identified in the password reset and email verification flows of the current Appsmith release.
Both flows derive the email-link base URL from the request Origin header. The current validation only enforces a trusted base URL when APPSMITH_BASE_URL is configured. If that setting is unset, the application accepts the caller-supplied origin and uses it to generate token-bearing reset and verification links.
On deployments with email delivery enabled and APPSMITH_BASE_URL unset, this can cause Appsmith to send security-sensitive links whose clickable host is attacker-controlled, which can plausibly lead to account takeover after victim interaction.
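The following is an added illustration, not Appsmith's own code, of the two link-building behaviours described above: a builder that falls back to the request Origin header when APPSMITH_BASE_URL is unset, beside a fail-closed builder that only ever takes the link host from operator configuration, together with a small deployment audit for the risky combination (mail enabled, base URL unset). The key name APPSMITH_MAIL_ENABLED, the path /user/resetPassword, the helper names and the request shapes are assumptions made for this demonstration.

```python
"""Added example (not Appsmith's own code). Contrasts a permissive
reset-link builder with a fail-closed one and audits a config dict for
the exposure the advisory describes. APPSMITH_MAIL_ENABLED, the reset
path and the request shapes are assumptions for this demo."""
from urllib.parse import urlsplit, urlunsplit


class LinkConfigError(Exception):
    """Raised when no trusted base URL is available for a security-sensitive link."""


def _normalize_base(base: str) -> str:
    """Keep only scheme and host(:port); drop any path/query so a stray
    trailing segment cannot change where the generated link points."""
    p = urlsplit(base)
    if p.scheme not in ("http", "https") or not p.netloc:
        raise LinkConfigError(f"unusable base URL: {base!r}")
    return urlunsplit((p.scheme, p.netloc, "", "", ""))


def build_reset_link_permissive(config: dict, headers: dict, token: str) -> str:
    """The weak pattern: APPSMITH_BASE_URL wins when set, otherwise the
    caller-supplied Origin header is trusted as the link host."""
    base = config.get("APPSMITH_BASE_URL") or headers.get("Origin")
    if not base:
        raise LinkConfigError("no base URL configured and no Origin header")
    return f"{_normalize_base(base)}/user/resetPassword?token={token}"


def build_reset_link_strict(config: dict, headers: dict, token: str) -> str:
    """Fail-closed variant: the host of a token-bearing link comes only from
    operator configuration, never from anything the requester controls."""
    base = config.get("APPSMITH_BASE_URL")
    if not base:
        raise LinkConfigError("APPSMITH_BASE_URL must be set to send reset links")
    return f"{_normalize_base(base)}/user/resetPassword?token={token}"


def link_host_matches(link: str, config: dict) -> bool:
    """Defensive post-check (usable in tests or as a guard before sending):
    does the generated link point at the configured origin?"""
    base = config.get("APPSMITH_BASE_URL")
    if not base:
        return False
    expected = urlsplit(_normalize_base(base)).netloc.lower()
    return urlsplit(link).netloc.lower() == expected


def audit_config(config: dict) -> list[str]:
    """Flag the exposure described in the advisory: email delivery enabled
    while APPSMITH_BASE_URL is unset (APPSMITH_MAIL_ENABLED is an assumed key)."""
    findings = []
    mail_on = str(config.get("APPSMITH_MAIL_ENABLED", "")).lower() == "true"
    if mail_on and not config.get("APPSMITH_BASE_URL"):
        findings.append(
            "APPSMITH_MAIL_ENABLED=true but APPSMITH_BASE_URL is unset: "
            "reset/verification link hosts would be derived from the request Origin"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample request: the caller supplies its own Origin header.
    headers = {"Origin": "https://attacker.example"}
    unset = {"APPSMITH_MAIL_ENABLED": "true"}
    fixed = {"APPSMITH_MAIL_ENABLED": "true",
             "APPSMITH_BASE_URL": "https://apps.internal.example"}
    print(build_reset_link_permissive(unset, headers, "TOKEN"))  # host from Origin
    print(build_reset_link_permissive(fixed, headers, "TOKEN"))  # host from config
    try:
        build_reset_link_strict(unset, headers, "TOKEN")
    except LinkConfigError as e:
        print("strict builder refused:", e)
    for finding in audit_config(unset):
        print("audit:", finding)
```

The mitigation that matters operationally is the one `audit_config` checks for: set APPSMITH_BASE_URL on every deployment that sends mail, so the link host is fixed by configuration regardless of what a request carries. `link_host_matches` is the kind of assertion worth keeping in the test suite around any link-generating code, because it catches a regression to request-derived hosts without depending on how the base URL is resolved.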