CVE-2024-27730

Name of the Vulnerable Software and Affected Versions Friendica version 2023.12

Description The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.

Recommendations For Friendica version 2023.12, consider restricting access to the calendar event feature until a patch is available. As a temporary workaround, avoid using the cid parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.