PT-2024-26112 · Unknown · Wows Karma

Bloodytakao · Published 2024-05-10 · Updated 2024-05-14 · CVE-2024-34695

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions: WOWS Karma versions prior to 0.17.4.1

Description: The issue allows a user to bypass cooldown validation by sending multiple post creation API requests simultaneously. This is achieved by clicking the "create" button multiple times on a post creation prompt before the modal closes. Although concurrent karma updates mean the user's metrics are not refreshed more than once, the cooldown validation itself is bypassed.

Recommendations: For versions prior to 0.17.4.1, update to version 0.17.4.1 to resolve the issue. As a temporary workaround, consider restricting the ability to send multiple post creation requests simultaneously to minimize the risk of exploitation.
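The race the description refers to, as an added example that is not WOWS Karma's code: a hypothetical in-process post service whose cooldown check and last-post update are separate steps, beside the same service doing both under one lock. The `time.sleep` stands in for the round-trip between the check and the write; the lock is the in-process analogue of performing the check and the update atomically on the server (for example inside one database transaction).

```python
import threading
import time

COOLDOWN_SECONDS = 60.0  # constructed value, not WOWS Karma's real cooldown


class PostService:
    """Hypothetical post-creation service enforcing a per-user cooldown."""

    def __init__(self, atomic: bool):
        self.atomic = atomic            # True = check and record under one lock
        self.last_post_at = {}          # user id -> time of last accepted post
        self.posts = []                 # accepted posts (user ids)
        self._lock = threading.Lock()

    def _check_and_record(self, user_id: str, now: float) -> bool:
        last = self.last_post_at.get(user_id)
        if last is not None and now - last < COOLDOWN_SECONDS:
            return False                # cooldown still running: reject
        # Window between the check and the write. Every concurrent request
        # that already passed the check above lands here and is also accepted.
        time.sleep(0.05)
        self.last_post_at[user_id] = now
        self.posts.append(user_id)
        return True

    def create_post(self, user_id: str, now: float) -> bool:
        if self.atomic:
            with self._lock:            # check and record as one step
                return self._check_and_record(user_id, now)
        return self._check_and_record(user_id, now)


def simulate_concurrent_requests(atomic: bool, n_requests: int = 5) -> int:
    """Send n_requests create-post calls for one user at once; return how many were accepted."""
    service = PostService(atomic)
    accepted = []                       # list.append is safe to call from threads
    now = 1_000.0
    threads = [
        threading.Thread(target=lambda: accepted.append(service.create_post("user-1", now)))
        for _ in range(n_requests)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(accepted)                # non-atomic: more than 1; atomic: exactly 1
```

Disabling the client's create button after the first click, as the workaround suggests, reduces accidental double-submits; the server-side atomic check is what closes the race for requests sent directly to the API.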

Related Identifiers

CVE-2024-34695
GHSA-V6CC-V976-MJ8G

Affected Products

Wows Karma