exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2024-45607

больше 1 года назад

whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3.

CVSS3: 5.8

EPSS: Низкий

GHSA-mwhf-vhr5-7j23

больше 1 года назад

whatsapp-api-js fails to validate message's signature

CVSS3: 5.8

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2024-45607 whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3.	CVSS3: 5.8	2% Низкий	больше 1 года назад
	GHSA-mwhf-vhr5-7j23 whatsapp-api-js fails to validate message's signature	CVSS3: 5.8	2% Низкий	больше 1 года назад

Уязвимостей на страницу