Vulnerability Description
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joinbookwyrm | Bookwyrm | < 0.4.5 |
Related Weaknesses (CWE)
References
- https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m (Exploit, Issue Tracking, Third Party Advisory)
- https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/ (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2022-35953?
CVE-2022-35953 is a vulnerability with a CVSS score of 7.1 (HIGH). BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phish...
How severe is CVE-2022-35953?
CVE-2022-35953 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-35953?
Check the references section above for vendor advisories and patch information. Affected products include: Joinbookwyrm Bookwyrm.