CVE-2024-46957

Name of the Vulnerable Software and Affected Versions Mellium mellium.im/xmpp versions 0.0.1 through 0.21.4

Description The issue allows response spoofing because the stanza type is not checked. This can lead to potential system compromise. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions 0.0.1 through 0.21.4, update to version 0.22.0 to resolve the issue. As a temporary workaround, consider implementing additional checks on the stanza type to prevent response spoofing until a patch is available. Restrict access to sensitive components to minimize the risk of exploitation.