PT-2024-31706 · Unknown · Whatsapp-Api-Js

Secreto31126 · Published 2024-09-12 · Updated 2024-09-19 · CVE-2024-45607

CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: whatsapp-api-js versions prior to 4.0.3
Description: Incorrect access control in the whatsapp-api-js framework, caused by improper verification of the cryptographic signature on incoming webhook payloads. Anyone who relies on the post or verifyRequestSignature methods to validate messages is affected: the result returned by WhatsAppAPI.verifyRequestSignature does not correctly reflect whether the payload signature matches, so callers cannot rely on it (or on post, which depends on it) to distinguish a correctly signed payload from one whose signature is invalid or missing.
Recommendations: Update to version 4.0.3 or later, which fixes the issue. If an immediate update is not possible, wrap the handler in a custom function such as doPost that calls whatsapp.verifyRequestSignature on the raw request body and the signature header, rejects the request (for example with HTTP 401) if the signature is invalid, and only then calls the post method.

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

CVE-2024-45607
GHSA-MWHF-VHR5-7J23

Affected Products

Whatsapp-Api-Js