CVE-2023-49079: Improper Verification of Cryptographic Signature

November 29, 2023 (updated December 5, 2023)

Misskey is an open source, decentralized social media platform. Misskey’s missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1.

References

github.com/misskey-dev/misskey/security/advisories/GHSA-3f39-6537-3cgc
nvd.nist.gov/vuln/detail/CVE-2023-49079

Detect and mitigate CVE-2023-49079 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →