CVE-2024-46957

EUVD-2024-2757
Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
melliumxmpp
0.0.1 ≤
𝑥
≤ 0.21.4
ADP
Common Weakness Enumeration
References
https://codeberg.org/mellium/xmpp/releases
https://mellium.im/cve/cve-2024-46957/