Описание
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| dino-im | fixed | 0.4.2-1 | package | |
| dino-im | not-affected | buster | package |
Примечания
https://dino.im/security/cve-2023-28686/
Fixed by: https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec
Fixed by: https://github.com/dino/dino/commit/baf96d9d9fac7480fed777ac87d917f8dec8f0f6 (v0.4.2)
Fixed by: https://github.com/dino/dino/commit/e02a443a4eaf02f0ab860b41d0bc7081d4110ab4 (v0.2.3)
Bookmark supported added in https://github.com/dino/dino/commit/74c29d4df19f97b9b67bbc3c1a963a8729be69fd (v0.1.0)
EPSS
Связанные уязвимости
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
EPSS