CVE-2024-45607 — MEDIUM (5.8)

Q: How severe is CVE-2024-45607?

CVE-2024-45607 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-45607?

Check the references section above for vendor advisories and patch information. Affected products include: Secreto31126 Whatsapp-Api-Js.

Vulnerability Description

whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Secreto31126	Whatsapp-Api-Js	>= 4.0.0, < 4.0.3

Related Weaknesses (CWE)

CWE-347

References

FAQ

What is CVE-2024-45607?

CVE-2024-45607 is a vulnerability with a CVSS score of 5.8 (MEDIUM). whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the ...

How severe is CVE-2024-45607?

CVE-2024-45607 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-45607?

Check the references section above for vendor advisories and patch information. Affected products include: Secreto31126 Whatsapp-Api-Js.