CVE-2024-36279

Name of the Vulnerable Software and Affected Versions FreeFrom - the nostr client versions prior to 1.3.5

Description The issue exists due to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. If exploited, the content of direct messages between users may be manipulated by a man-in-the-middle attack.

Recommendations For versions prior to 1.3.5, update to version 1.3.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of direct messages until the update is applied.