Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/28xxx/CVE-2023-28686.json",
"cna_assigner": "mitre",
"unresolved_ranges": [
{
"source": "DESCRIPTION",
"extracted_events": [
{
"fixed": "0.2.3"
},
{
"introduced": "0.3.x"
},
{
"fixed": "0.3.2"
},
{
"introduced": "0.4.x"
},
{
"fixed": "0.4.2"
}
]
}
]
}{
"cpe": "cpe:2.3:a:dino:dino:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.2.3"
},
{
"introduced": "0.3.0"
},
{
"fixed": "0.3.2"
},
{
"introduced": "0.4.0"
},
{
"fixed": "0.4.2"
}
]
}