CVE-2024-45607

12 Sep 2024

Jose Alexis Correa Valencia
0 Comentarios

Título es

CVE-2024-45607

Jue, 12/09/2024 – 20:15

Tipo

CWE-347

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-45607

Descripción en

whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3.

12/09/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/Secreto31126/whatsapp-api-js/commit/56620c65126427496a94d176082fbd8393a95b6d

https://github.com/Secreto31126/whatsapp-api-js/pull/371

https://github.com/Secreto31126/whatsapp-api-js/security/advisories/GHSA-mwhf-vhr5-7j23

Enviar en el boletín