4 matches found
CVE-2024-25636
Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...
CVE-2024-25636 Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts
Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...
CVE-2024-25636
Misskey prior to version 2024.2.0 is affected by a vulnerability where remote Activity Streams objects are fetched without verifying the Content-Type header for the Activity Streams media type. This flaw allows an attacker to upload a crafted Activity Streams document to a remote server and, if t...
CVE-2024-25636 Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts
Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...