XSS vulnerability using dialog

High
mei23 published GHSA-frf2-3x76-frgq Aug 27, 2021

Package

No package name (No ecosystem)

Affected versions

< 10.102.338-m544

Patched versions

10.102.338-m544

Description

Impact

When a malicious string is displayed in a dialog of the web client, an attacker may be able to steal the user's access token.

Patches

This has been fixed in 10.102.338-m544.

Workarounds

There is no effective workaround. Please update.

References

Releases 10.102.338-m544
https://github.com/mei23/misskey/releases/tag/10.102.338-m544

Parent security advisories
GHSA-pmmv-jwqh-f5ww

For more information

This vulnerability was found in the original misskey repository.
GHSA-pmmv-jwqh-f5ww

Severity

High

CVE ID

CVE-2021-39169

Weaknesses