3 matches found
CVE-2022-46164 Account takeover via prototype vulnerability
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...
CVE-2022-46164
NodeBB vulnerability CVE-2022-46164 arises from using a plain object with a prototype in socket.io message handling, enabling impersonation and account takeover. Affected software: NodeBB (Node.js-based forum software) prior to version 2.6.1. Root cause: prototype pollution in message handling al...
CVE-2022-46164 Account takeover via prototype vulnerability
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...