CVE-2024-45607 Vulnerability Details


CVE-2024-45607 Metadata Quick Info

CVE Published: 12/09/2024 | CVE Updated: 12/09/2024 | CVE Year: 2024
Source: GitHub_M | Vendor: Secreto31126 | Product: whatsapp-api-js
Status: PUBLISHED

CVE-2024-45607 Description

whatsapp-api-js is a TypeScript, server-agnostic framework for WhatsApp's Official API. It's possible to check the payload validation using WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. This is an Incorrect Access Control issue: anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3.

Metrics

CVSS Version: 3.1 | Base Score: 5.8 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

➤ Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): CHANGED

➤ Impact Metrics:
    Confidentiality Impact (C): NONE
    Integrity Impact (I): LOW
    Availability Impact (A): NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-347
CWE Name: CWE-347: Improper Verification of Cryptographic Signature
Source: Secreto31126


Source: NVD (National Vulnerability Database).