Bostr · Bostr · CVE-2024-41962
**Name of the Vulnerable Software and Affected Versions**
Bostr versions prior to 3.0.10
**Description**
The issue allows unauthorized access to a private bouncer: when `noscraper` is enabled, the `authorized_keys` restriction is not enforced. Anyone can therefore use the bouncer, regardless of whether their pubkey is listed in `authorized_keys`.
**Recommendations**
For versions prior to 3.0.10, update to version 3.0.10 to resolve the issue.
As a temporary workaround, consider disabling the `noscraper` option if `authorized_keys` is set in the config.
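
To check whether a deployment matches the affected combination described above, the following audit helper can be run against a deployment's version and config values. It is an added example, not Bostr's own code. It assumes the config is available as a plain object with a boolean `noscraper` and an array `authorized_keys`; `auditBostr`, `parseVersion` and the sample pubkey string are hypothetical names and constructed values.

```javascript
// Added example: audit helper for CVE-2024-41962 exposure (not Bostr's code).
const FIXED = [3, 0, 10]; // first fixed release, per the advisory

// Accept only plain "x.y.z" (optional leading "v"); anything else is
// reported as unknown rather than guessed at.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before b.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Assumed config shape: { noscraper: boolean, authorized_keys: string[] }
function auditBostr(version, config) {
  const parsed = parseVersion(version);
  if (!parsed) {
    return { status: "unknown", action: "determine the installed version manually" };
  }
  if (!isBefore(parsed, FIXED)) {
    return { status: "patched", action: "none" };
  }
  const restricted =
    Array.isArray(config.authorized_keys) && config.authorized_keys.length > 0;
  if (restricted && config.noscraper === true) {
    // The combination the advisory describes: the key list is not enforced.
    return { status: "affected", action: "update to 3.0.10, or disable noscraper until updated" };
  }
  // Old version, but the vulnerable option combination is not active.
  return { status: "outdated", action: "update to 3.0.10 before enabling noscraper with authorized_keys" };
}

// Constructed sample input, not taken from a real deployment.
const sample = { noscraper: true, authorized_keys: ["constructed-pubkey-placeholder"] };
console.log(auditBostr("3.0.9", sample));
```
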