CVE-2024-48322

11.11.2024, 20:15

UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.

TOCTOU

Enginsight

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.1 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | - | - | - | - | - |
| CISA-ADP | ADP | 8.1 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |

Base Score
CVSS 3.x

EPSS Score
Percentile: 93%

Common Weakness Enumeration

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

References

https://github.com/runcodes-icmc/server
https://github.com/runcodes-icmc/server/issues/12
https://github.com/runcodes-icmc/server/releases/tag/v1.5.3
https://github.com/trqt/CVE-2024-48322