CVE-2024-32983
CVSS V2 None
CVSS V3 None
Description
Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed ActivityPub activity objects before processing them, allowing threat actors to spoof the contents of signed activities and impersonate the authors of the original activities. This vulnerability is fixed in 2024.5.0.
Overview
- CVE ID
- CVE-2024-32983
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-03T15:16:26.186Z
- Last Modified Date
- 2024-06-05T18:23:37.542Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/misskey-dev/misskey/security/advisories/GHSA-2vxv-pv3m-3wvj | x_refsource_CONFIRM |
| https://github.com/misskey-dev/misskey/commit/d2a5bb39e344fcb84a24ae60faafe4694b227b88 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-32983 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32983 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 08:19:23 | Added to TrackCVE |