Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed ActivityPub activity objects before processing them, allowing threat actors to spoof the contents of signed activities and impersonate the authors of the original activities. This vulnerability is fixed in 2024.5.0.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-03T15:16:26.186Z
Updated: 2024-06-05T18:23:37.542Z
Reserved: 2024-04-22T15:14:59.167Z
Link: CVE-2024-32983
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-06-03T16:15:08.567
Modified: 2024-06-03T19:23:17.807
Link: CVE-2024-32983
JSON object: View
Redhat Information
No data.
CWE