
Mrpetovan

#37335 of 53,625
7.5 Total CVSS
Vulnerabilities · 1
PT-2021-18628
7.5
2021-04-05
Friendica · Friendica · CVE-2021-30141
**Name of the Vulnerable Software and Affected Versions**
Friendica versions through 2021.01

**Description**
The issue allows the settings/userexport feature to be accessed by anonymous users, potentially leading to excessive memory consumption and attempted access to an array offset on a value of type null. However, the vendor notes that a valid authentication cookie is still required to use the feature.

**Recommendations**
For Friendica versions through 2021.01, consider restricting access to the settings/userexport route to logged-in users only, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.