CVE-2021-30141

Name of the Vulnerable Software and Affected Versions Friendica versions through 2021.01

Description The issue allows the settings/userexport feature to be accessed by anonymous users, potentially leading to excessive memory consumption and attempted access to an array offset on a value of type null. However, the vendor notes that a valid authentication cookie is still required to use the feature.

Recommendations For Friendica versions through 2021.01, consider restricting access to the settings/userexport route to logged-in users only, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.