PT-2023-21905 · Dino +2

Kim Alvefur · Published 2023-03-24 · Updated 2025-04-09 · CVE-2023-28686

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Dino versions prior to 0.2.3
Dino versions 0.3.x prior to 0.3.2
Dino versions 0.4.x prior to 0.4.2

Description

The issue allows attackers to modify the personal bookmark store via a crafted message. This can lead to changing the display of group chats or forcing a victim to join a group chat, potentially tricking the victim into disclosing sensitive information. When a Dino client receives a specifically crafted message from an unauthorized sender, it would use information from that message to add, update, or remove entries in the user's personal bookmark store without requiring further user interaction.

Recommendations

For versions prior to 0.2.3, update to version 0.2.3 or later. For versions 0.3.x prior to 0.3.2, update to version 0.3.2 or later. For versions 0.4.x prior to 0.4.2, update to version 0.4.2 or later. As a temporary workaround, consider restricting the handling of crafted messages until a patch is applied.
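The description above boils down to a missing sender-authorization check: a bookmark (PEP, XEP-0163 / XEP-0402) notification carried in a message was applied to the user's bookmark store without confirming that it actually came from the user's own account. The following Python example is added here to illustrate that class of defect and its mitigation; it is not Dino's code (Dino is written in Vala) and does not reproduce Dino's actual patch. The stanzas, the in-memory store, and the helper names (parse_bookmark_updates, handle_bookmark_event, handle_bookmark_event_unchecked) are constructed for the example; the accepted-sender rule (no 'from', meaning the local server, or the account's own bare JID) is an assumption about how a client should treat PEP notifications in general.

```python
"""Sender-authorization check for PEP bookmark notifications (added example).

Two handlers are shown: one that applies any bookmark event it receives
(the vulnerable pattern described in the advisory) and one that first
verifies the sending JID against the local account.
"""
import xml.etree.ElementTree as ET

NS_PUBSUB_EVENT = "http://jabber.org/protocol/pubsub#event"
NS_BOOKMARKS2 = "urn:xmpp:bookmarks:1"   # XEP-0402 bookmark node


def bare_jid(jid: str) -> str:
    """Strip the resource and case-fold (simplified JID normalization)."""
    return jid.split("/", 1)[0].lower()


def parse_bookmark_updates(stanza_xml: str):
    """Return (sender, node, updates) from a <message> carrying a PEP event.

    updates is a list of ("upsert", id, name, autojoin) or ("retract", id, None, False).
    """
    root = ET.fromstring(stanza_xml)
    sender = root.get("from")
    event = root.find(f"{{{NS_PUBSUB_EVENT}}}event")
    items = event.find(f"{{{NS_PUBSUB_EVENT}}}items") if event is not None else None
    if items is None:
        return sender, None, []
    updates = []
    for child in items:
        tag = child.tag.split("}", 1)[1]
        if tag == "item":
            conf = child.find(f"{{{NS_BOOKMARKS2}}}conference")
            name = conf.get("name") if conf is not None else None
            autojoin = conf is not None and conf.get("autojoin") == "true"
            updates.append(("upsert", child.get("id"), name, autojoin))
        elif tag == "retract":
            updates.append(("retract", child.get("id"), None, False))
    return sender, items.get("node"), updates


def apply_updates(store: dict, updates) -> None:
    """Mutate the bookmark store (dict keyed by room JID)."""
    for action, item_id, name, autojoin in updates:
        if action == "upsert":
            store[item_id] = {"name": name, "autojoin": autojoin}
        else:
            store.pop(item_id, None)


def handle_bookmark_event_unchecked(store: dict, stanza_xml: str) -> bool:
    """Vulnerable pattern: trusts the event regardless of who sent it."""
    _sender, node, updates = parse_bookmark_updates(stanza_xml)
    if node != NS_BOOKMARKS2:
        return False
    apply_updates(store, updates)
    return True


def handle_bookmark_event(store: dict, account_jid: str, stanza_xml: str) -> bool:
    """Hardened pattern: only the account's own PEP service may change bookmarks.

    Assumption: a notification for the user's own bookmarks arrives either
    with no 'from' (sent by the local server) or from the account's bare JID.
    Any other sender is rejected before the store is touched.
    """
    sender, node, updates = parse_bookmark_updates(stanza_xml)
    if node != NS_BOOKMARKS2:
        return False
    if sender is not None and bare_jid(sender) != bare_jid(account_jid):
        return False
    apply_updates(store, updates)
    return True


# Constructed stanzas for demonstration (not captured traffic).
OWN_EVENT = (
    '<message xmlns="jabber:client" from="alice@example.org" to="alice@example.org/dino">'
    f'<event xmlns="{NS_PUBSUB_EVENT}"><items node="{NS_BOOKMARKS2}">'
    '<item id="room@muc.example.org">'
    f'<conference xmlns="{NS_BOOKMARKS2}" name="Team" autojoin="true"/>'
    '</item></items></event></message>'
)
FORGED_EVENT = OWN_EVENT.replace('from="alice@example.org"', 'from="mallory@evil.example"') \
                        .replace('room@muc.example.org', 'trap@muc.evil.example')
FORGED_RETRACT = (
    '<message xmlns="jabber:client" from="mallory@evil.example" to="alice@example.org/dino">'
    f'<event xmlns="{NS_PUBSUB_EVENT}"><items node="{NS_BOOKMARKS2}">'
    '<retract id="room@muc.example.org"/></items></event></message>'
)

if __name__ == "__main__":
    store = {}
    handle_bookmark_event(store, "alice@example.org", OWN_EVENT)
    handle_bookmark_event(store, "alice@example.org", FORGED_EVENT)
    handle_bookmark_event(store, "alice@example.org", FORGED_RETRACT)
    print(store)  # only the self-originated bookmark survives
```

The check is deliberately placed before any parsing result is applied, so a rejected stanza leaves the store untouched; a client that parsed and applied first and validated afterwards would still expose the add/update/remove behaviour the advisory describes.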

Fix

IDOR

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1504
CVE-2023-28686
DSA-5379-1
MGASA-2023-0122
OPENSUSE-SU-2024:12813-1
USN-7430-1

Affected Products

Dino
Linuxmint
Ubuntu