CVE-2023-49095: Improper Input Validation

November 30, 2023 (updated December 5, 2023)

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.

References

github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab
github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx
nvd.nist.gov/vuln/detail/CVE-2023-49095

Detect and mitigate CVE-2023-49095 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →