CVE-2024-25636

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-25636

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25636.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-25636

Related

GHSA-qqrm-9grj-6v32

Published

2024-02-19T20:15:46Z

Modified

2025-02-06T08:51:38.800627Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which allows a threat actor to upload a crafted Activity Streams document to a remote server and make a Misskey instance fetch it, if the remote server accepts arbitrary user uploads. The vulnerability allows a threat actor to impersonate and take over an account on a remote server that satisfies all of the following properties: allows the threat actor to register an account; accepts arbitrary user-uploaded documents and places them on the same domain as legitimate Activity Streams actors; and serves user-uploaded document in response to requests with an Accept header value of the Activity Streams media type. Version 2024.2.0 contains a patch for the issue.

References

Affected packages

Git / github.com/misskey-dev/misskey

Affected ranges

Type: GIT
Repo: https://github.com/misskey-dev/misskey
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9a70ce8f5ea9df00001894809f5ce7bc69b14c8a

Fixed

9a70ce8f5ea9df00001894809f5ce7bc69b14c8a

Type: GIT
Repo: https://github.com/syuilo/misskey
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

96c7c85ad008a71fb03198a708c8531aacbb39e0

Affected versions

0.*

0.0.5018

0.0.5023

0.0.5030

0.0.5042

0.0.5051

0.0.5064

0.0.5074

0.0.5089

1.*

1.0.0

1.1.0

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0

1.7.0

10.*

10.0.0

10.1.0

10.10.0

10.10.1

10.100.0

10.11.0

10.11.1

10.12.0

10.12.1

10.13.0

10.14.0

10.15.0

10.16.0

10.17.0

10.18.0

10.19.0

10.2.0

10.2.1

10.20.0

10.21.0

10.21.1

10.21.2

10.21.3

10.22.0

10.22.1

10.23.0

10.23.1

10.24.0

10.25.0

10.26.0

10.27.0

10.28.0

10.29.0

10.29.1

10.3.0

10.30.0

10.30.1

10.30.2

10.30.3

10.31.0

10.32.0

10.33.0

10.34.0

10.35.0

10.35.1

10.36.0

10.36.1

10.37.0

10.38.0

10.38.1

10.38.2

10.38.3

10.38.4

10.38.5

10.38.6

10.38.7

10.38.8

10.39.0

10.39.1

10.4.0

10.40.0

10.40.1

10.41.0

10.42.0

10.42.2

10.43.0

10.43.1

10.44.0

10.44.1

10.44.2

10.45.0

10.46.0

10.46.1

10.46.2

10.47.0

10.48.0

10.48.1

10.49.0

10.49.1

10.49.2

10.49.3

10.49.4

10.49.5

10.49.6

10.49.7

10.5.0

10.50.0

10.51.0

10.51.1

10.51.2

10.52.0

10.53.0

10.54.0

10.55.0

10.56.0

10.56.1

10.56.2

10.57.0

10.57.1

10.57.2

10.57.3

10.58.0

10.58.1

10.58.2

10.59.0

10.59.1

10.59.2

10.59.3

10.59.4

10.6.0

10.60.0

10.60.1

10.60.2

10.60.3

10.60.4

10.61.0

10.62.0

10.62.1

10.62.2

10.63.0

10.63.1

10.64.0

10.64.1

10.64.2

10.65.0

10.66.0

10.66.1

10.66.2

10.67.0

10.68.0

10.69.0

10.7.0

10.7.1

10.7.2

10.70.0

10.70.1

10.71.0

10.72.0

10.73.0

10.74.0

10.75.0

10.76.0

10.77.0

10.78.0

10.78.1

10.78.2

10.78.3

10.78.4

10.78.5

10.79.0

10.79.1

10.8.0

10.80.0

10.81.0

10.82.0

10.82.1

10.82.2

10.82.3

10.82.4

10.83.0

10.84.0

10.84.1

10.84.2

10.85.0

10.85.1

10.85.2

10.86.0

10.86.1

10.86.2

10.87.0

10.87.1

10.87.2

10.87.3

10.87.4

10.87.5

10.88.0

10.89.0

10.89.1

10.9.0

10.9.1

10.9.2

10.90.0

10.90.1

10.90.2

10.90.3

10.90.4

10.91.0

10.91.1

10.91.2

10.92.0

10.92.1

10.92.2

10.92.3

10.92.4

10.93.0

10.93.1

10.94.0

10.95.0

10.96.0

10.97.0

10.97.1

10.97.2

10.98.0

10.98.1

10.98.2

10.98.3

10.99.0

11.*

11.0.0

11.0.0-alpha.1

11.0.0-alpha.10

11.0.0-alpha.2

11.0.0-alpha.3

11.0.0-alpha.4

11.0.0-alpha.5

11.0.0-alpha.6

11.0.0-alpha.7

11.0.0-alpha.8

11.0.0-beta.1

11.0.0-beta.10

11.0.0-beta.11

11.0.0-beta.12

11.0.0-beta.13

11.0.0-beta.14

11.0.0-beta.15

11.0.0-beta.16

11.0.0-beta.2

11.0.0-beta.3

11.0.0-beta.4

11.0.0-beta.5

11.0.0-beta.6

11.0.0-beta.7

11.0.0-beta.8

11.0.0-beta.9

11.0.1

11.0.2

11.0.3

11.1.0

11.1.1

11.1.2

11.1.3

11.1.4

11.1.5

11.1.6

11.10.0

11.10.1

11.11.0

11.11.1

11.11.2

11.12.0

11.13.0

11.14.0

11.15.0

11.16.0

11.16.1

11.17.0

11.17.1

11.18.0

11.18.1

11.19.0

11.19.1

11.2.0

11.2.1

11.2.2

11.20.0

11.20.1

11.20.2

11.20.3

11.20.4

11.21.0

11.22.0

11.23.0

11.23.1

11.24.0

11.24.1

11.24.2

11.25.0

11.25.1

11.26.0

11.26.1

11.26.2

11.27.0

11.27.1

11.28.0

11.28.1

11.28.2

11.29.0

11.3.0

11.3.1

11.30.0

11.31.0

11.31.1

11.31.2

11.31.3

11.31.4

11.32.0

11.33.0

11.34.0

11.35.0

11.35.1

11.36.0

11.37.0

11.37.1

11.4.0

11.5.0

11.5.1

11.6.0

11.7.0

11.8.0

11.8.0-2

11.8.1

11.9.0

12.*

12.0.0

12.1.0

12.10.0

12.100.0

12.100.1

12.100.2

12.101.0

12.101.1

12.102.0

12.102.1

12.103.0

12.103.1

12.104.0

12.105.0

12.106.0

12.106.1

12.106.2

12.106.3

12.107.0

12.108.0

12.108.1

12.109.0

12.109.1

12.109.2

12.11.0

12.110.0

12.110.1

12.111.0

12.111.1

12.112.0

12.112.1

12.112.2

12.112.3

12.113.0

12.114.0

12.115.0

12.116.0

12.116.1

12.117.0

12.117.1

12.118.0

12.118.1

12.119.0

12.119.1

12.12.0

12.13.0

12.14.0

12.15.0

12.16.0

12.17.0

12.18.0

12.18.1

12.19.0

12.2.0

12.20.0

12.21.0

12.22.0

12.23.0

12.24.0

12.24.1

12.24.2

12.25.0

12.26.0

12.27.0

12.27.1

12.28.0

12.29.0

12.3.0

12.30.0

12.31.0

12.32.0

12.33.0

12.34.0

12.35.0

12.35.1

12.35.2

12.36.0

12.36.1

12.37.0

12.38.0

12.38.1

12.39.0

12.39.1

12.4.0

12.4.1

12.40.0

12.41.0

12.41.1

12.41.2

12.41.3

12.42.0

12.43.0

12.44.0

12.44.1

12.45.0

12.45.1

12.46.0

12.47.0

12.47.1

12.48.0

12.48.1

12.48.2

12.48.3

12.49.0

12.49.1

12.5.0

12.50.0

12.51.0

12.52.0

12.53.0

12.54.0

12.55.0

12.56.0

12.57.0

12.57.1

12.57.4

12.58.0

12.59.0

12.6.0

12.60.0

12.60.1

12.61.0

12.61.1

12.62.0

12.62.1

12.62.2

12.63.0

12.64.0

12.64.1

12.64.2

12.65.0

12.65.1

12.65.2

12.65.3

12.65.4

12.65.5

12.65.6

12.65.7

12.66.0

12.67.0

12.67.1

12.68.0

12.69.0

12.7.0

12.7.1

12.70.0

12.71.0

12.72.0

12.73.0

12.74.0

12.74.1

12.75.0

12.75.1

12.76.0

12.76.1

12.77.0

12.77.1

12.78.0

12.79.0

12.79.1

12.79.2

12.79.3

12.8.0

12.80.0

12.80.1

12.80.2

12.80.3

12.81.0

12.81.1

12.81.2

12.82.0

12.83.0

12.84.0

12.84.1

12.84.2

12.84.3

12.85.0

12.85.1

12.86.0

12.87.0

12.88.0

12.89.0

12.89.1

12.89.2

12.9.0

12.90.0

12.90.1

12.91.0

12.92.0

12.93.0

12.93.1

12.93.2

12.94.0

12.94.1

12.95.0

12.96.0

12.96.1

12.97.0

12.97.1

12.98.0

12.99.0

12.99.1

12.99.2

12.99.3

13.*

13.0.0

13.0.0-beta.16

13.0.0-beta.21

13.0.0-beta.22

13.0.0-beta.23

13.0.0-beta.24

13.0.0-beta.25

13.0.0-beta.26

13.0.0-beta.27

13.0.0-beta.28

13.0.0-beta.29

13.0.0-beta.30

13.0.0-beta.31

13.0.0-beta.32

13.0.0-beta.33

13.0.0-beta.34

13.0.0-beta.35

13.0.0-beta.36

13.0.0-beta.37

13.0.0-beta.38

13.0.0-beta.39

13.0.0-beta.40

13.0.0-beta.41

13.0.0-beta.42

13.0.0-beta.43

13.0.0-rc.1

13.0.0-rc.10

13.0.0-rc.11

13.0.0-rc.2

13.0.0-rc.3

13.0.0-rc.4

13.0.0-rc.5

13.0.0-rc.6

13.0.0-rc.7

13.0.0-rc.8

13.0.0-rc.9

13.1.0

13.1.0-beta.1

13.1.0-beta.2

13.1.1

13.1.2

13.1.3

13.1.4

13.1.5

13.1.6

13.1.7

13.1.8

13.10.0

13.10.1

13.10.2

13.10.3

13.11.0

13.11.0-beta.4

13.11.0-beta.5

13.11.0-beta.6

13.11.0-beta.7

13.11.0-beta.8

13.11.0.beta-1

13.11.0.beta-2

13.11.0.beta-3

13.11.1

13.11.2

13.11.3

13.12.0

13.12.0-beta.1

13.12.0-beta.2

13.12.0-beta.3

13.12.0-beta.4

13.12.0-beta.5

13.12.0-beta.6

13.12.1

13.12.2

13.13.0

13.13.0-beta.1

13.13.0-beta.2

13.13.0-beta.3

13.13.0-beta.4

13.13.0-beta.5

13.13.0-beta.6

13.13.0-beta.7

13.13.1

13.13.2

13.14.0

13.14.0-beta.1

13.14.0-beta.2

13.14.0-beta.3

13.14.0-beta.4

13.14.0-beta.5

13.14.0-beta.6

13.14.0-beta.7

13.14.1

13.14.2

13.2.0

13.2.1

13.2.2

13.2.3

13.2.4

13.2.5

13.2.6

13.3.0

13.3.1

13.3.2

13.3.3

13.3.4

13.4.0

13.5.0

13.5.1

13.5.2

13.5.3

13.5.4

13.5.5

13.5.6

13.6.0

13.6.1

13.7.0

13.7.1

13.7.2

13.7.3

13.7.4

13.7.5

13.8.0

13.8.1

13.9.0

13.9.1

13.9.2

2.*

2.0.0

2.1.1

2.1.2

2.1.3

2.1.4

2.10.0

2.10.1

2.11.0

2.12.0

2.13.0

2.14.0

2.15.0

2.16.0

2.16.1

2.16.2

2.16.3

2.16.4

2.16.5

2.16.6

2.16.7

2.16.8

2.17.0

2.18.0

2.18.2

2.19.0

2.2.0

2.20.0

2.20.1

2.21.0

2.21.1

2.22.0

2.22.1

2.22.2

2.22.3

2.23.0

2.24.0

2.24.1

2.24.2

2.25.1

2.25.2

2.27.3

2.29.0

2.29.1

2.3.0

2.3.1

2.30.0

2.30.1

2.31.0

2.32.0

2.33.0

2.33.1

2.34.0

2.34.1

2.34.3

2.35.1

2.35.2

2.35.3

2.36.1

2.37.1

2.37.2

2.37.3

2.37.4

2.37.5

2.37.6

2.37.7

2.38.2

2.38.3

2.4.0

2.40.0

2.40.1

2.41.1

2.42.0

2.5.0

2.6.2

2.7.1

2.9.0

2.9.1

2023.*

2023.10.0

2023.10.0-beta.1

2023.10.0-beta.10

2023.10.0-beta.11

2023.10.0-beta.12

2023.10.0-beta.13

2023.10.0-beta.14

2023.10.0-beta.15

2023.10.0-beta.2

2023.10.0-beta.3

2023.10.0-beta.4

2023.10.0-beta.5

2023.10.0-beta.6

2023.10.0-beta.7

2023.10.0-beta.8

2023.10.0-beta.9

2023.10.1

2023.10.2

2023.10.2-beta.1

2023.10.2-beta.2

2023.11.0

2023.11.0-beta.1

2023.11.0-beta.10

2023.11.0-beta.2

2023.11.0-beta.3

2023.11.0-beta.4

2023.11.0-beta.5

2023.11.0-beta.6

2023.11.0-beta.7

2023.11.0-beta.8

2023.11.0-beta.9

2023.11.1

2023.11.1-beta.1

2023.11.1-beta.2

2023.12.0

2023.12.0-beta.1

2023.12.0-beta.2

2023.12.0-beta.3

2023.12.0-beta.4

2023.12.0-beta.5

2023.12.0-beta.6

2023.12.1

2023.12.2

2023.9.0

2023.9.0-beta.1

2023.9.0-beta.10

2023.9.0-beta.11

2023.9.0-beta.2

2023.9.0-beta.3

2023.9.0-beta.4

2023.9.0-beta.5

2023.9.0-beta.6

2023.9.0-beta.7

2023.9.0-beta.8

2023.9.0-beta.9

2023.9.0-rc.1

2023.9.0-rc.2

2023.9.0-rc.3

2023.9.0-rc.4

2023.9.1

2023.9.2

2023.9.3

2024.*

2024.2.0-beta.1

2024.2.0-beta.10

2024.2.0-beta.12

2024.2.0-beta.13

2024.2.0-beta.2

2024.2.0-beta.3

2024.2.0-beta.4

2024.2.0-beta.5

2024.2.0-beta.6

2024.2.0-beta.7

2024.2.0-beta.8

2024.2.0-beta.9

3.*

3.0.1

3.1.0

3.1.1

4.*

4.10.0

4.11.0

4.12.0

4.13.0

4.14.0

4.15.0

4.17.1

4.19.1

4.2.0

4.20.0

4.22.1

4.23.1

4.24.1

4.25.0

4.26.0

4.3.0

4.3.1

4.5.0

4.7.0

4.7.1

4.9.0

5.*

5.0.0

5.1.0

5.10.0

5.11.0

5.12.0

5.13.0

5.13.1

5.13.2

5.14.0

5.15.0

5.16.0

5.17.0

5.18.0

5.19.0

5.20.0

5.20.1

5.21.0

5.22.0

5.22.1

5.23.0

5.23.1

5.23.2

5.24.0

5.24.1

5.25.0

5.3.0

5.4.0

5.5.0

5.6.1

5.6.2

6.*

6.0.0

6.0.1

6.0.2

6.1.0

6.2.0

6.3.0

6.3.2

6.4.0

6.4.1

7.*

7.0.0

7.0.2

7.1.0

7.1.1

7.1.2

7.2.0

7.3.0

7.4.0

7.4.0-2

7.4.1

8.*

8.0.0

8.1.0

8.10.0

8.11.0

8.11.1

8.12.0

8.13.0

8.14.0

8.15.0

8.16.0

8.17.0

8.18.0

8.19.0

8.19.1

8.2.0

8.20.0

8.21.0

8.21.1

8.22.0

8.23.0

8.24.0

8.25.0

8.26.0

8.27.0

8.28.0

8.28.1

8.29.0

8.3.0

8.3.1

8.30.0

8.31.0

8.32.0

8.33.0

8.33.1

8.34.0

8.34.1

8.34.2

8.34.3

8.34.4

8.35.0

8.36.0

8.37.0

8.38.0

8.39.0

8.4.0

8.40.0

8.41.0

8.42.0

8.43.0

8.44.0

8.44.1

8.45.0

8.45.1

8.46.0

8.47.0

8.48.0

8.49.0

8.5.0

8.5.1

8.5.1-2

8.50.0

8.51.0

8.52.0

8.53.0

8.54.0

8.55.0

8.56.0

8.57.0

8.57.1

8.58.0

8.59.0

8.6.0

8.60.0

8.61.0

8.62.0

8.63.0

8.64.0

8.7.0

8.8.0

8.9.0

8.9.1

8.9.2

9.*

9.0.0

9.1.0

9.2.0

9.3.0

9.3.1

9.4.0

9.5.0

9.6.0

9.7.0

9.7.1