Redwood is vulnerable to account takeover via dbAuth "forgot-password"
This is an API vulnerability in Redwood's [dbAuth], specifically the dbAuth forgot password feature: - only projects with the dbAuth "forgot password" feature are affected - this vulnerability was introduced in v0.38.0