nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.
References
Link | Resource |
---|---|
https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab | Patch |
https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx | Patch Third Party Advisory |
https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab | Patch |
https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 08:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab - Patch | |
References | () https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
05 Dec 2023, 17:31
Type | Values Removed | Values Added |
---|---|---|
First Time |
Nexryai nexkey
Nexryai |
|
References | () https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx - Patch, Third Party Advisory | |
References | () https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:nexryai:nexkey:*:*:*:*:*:node.js:*:* |
30 Nov 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-30 07:15
Updated : 2024-11-21 08:32
NVD link : CVE-2023-49095
Mitre link : CVE-2023-49095
CVE.ORG link : CVE-2023-49095
JSON object : View
Products Affected
nexryai
- nexkey
CWE
CWE-20
Improper Input Validation