Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:5 p.m.7 views

CVE-2024-25636

Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...

8.8CVSS6.8AI score0.00655EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/19 7:42 p.m.37 views

CVE-2024-25636 Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts

Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...

7.1CVSS7.1AI score0.00655EPSS
Exploits0References5
CVE
CVE
added 2024/02/19 7:42 p.m.103 views

CVE-2024-25636

Misskey prior to version 2024.2.0 is affected by a vulnerability where remote Activity Streams objects are fetched without verifying the Content-Type header for the Activity Streams media type. This flaw allows an attacker to upload a crafted Activity Streams document to a remote server and, if t...

8.8CVSS7AI score0.00655EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/19 7:42 p.m.19 views

CVE-2024-25636 Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts

Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...

7.1CVSS7AI score0.00655EPSS
Exploits0References5
Rows per page
Query Builder