CVE-2024-45607
CVSS V2 None
CVSS V3 None
Description
whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3.
Overview
- CVE ID
- CVE-2024-45607
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-12T19:58:13.803Z
- Last Modified Date
- 2024-09-12T20:04:46.581Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/Secreto31126/whatsapp-api-js/security/advisories/GHSA-mwhf-vhr5-7j23 | x_refsource_CONFIRM |
| https://github.com/Secreto31126/whatsapp-api-js/pull/371 | x_refsource_MISC |
| https://github.com/Secreto31126/whatsapp-api-js/commit/56620c65126427496a94d176082fbd8393a95b6d | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-45607 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45607 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-09-13 13:15:54 | Added to TrackCVE |