CVE-2024-36588

Name of the Vulnerable Software and Affected Versions Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4

Description The issue allows attackers to send messages that are erroneously attributed to arbitrary users via a crafted HTTP request. This can be achieved by sending a request to a specific endpoint, although the exact endpoint is not specified. The attack involves manipulating the request to make it appear as if the message is coming from a different user.

Recommendations For Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4, consider restricting access to the messaging functionality until a patch is available to prevent attackers from sending erroneously attributed messages. As a temporary workaround, review and verify the authenticity of messages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.