CVE-2017-5858

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-5858

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5858.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-5858

Aliases

GHSA-w973-2qcc-p78x

Published

2017-02-09T20:59:00Z

Modified

2025-01-08T10:37:56.196068Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4).

References

Affected packages

Git / github.com/conversejs/converse.js

Affected ranges

Type: GIT
Repo: https://github.com/conversejs/converse.js
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

42f249cabbbf5c026398e6d3b350f6f9536ea572

Fixed

42f249cabbbf5c026398e6d3b350f6f9536ea572

Type: GIT
Repo: https://github.com/jcbrand/converse.js
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

06805d80b884fa800cf214560e15b37c396b819a

Last affected

10da240e7ed556a717adef6aa36e9efd709cd887

Last affected

145fd016a34db278b8d5b381f22e2bcff39b4030

Last affected

1545018edf84962e4360adcb8ffa9c850b3fc8c8

Last affected

17da00d5c11a5b96ed71378c58e2188543ea9472

Last affected

303a412b38e1a7da4a8ad5e34ae9f4dae1ff7ca3

Last affected

4c123d51d4177d4877e25080bb5210c52146277a

Last affected

4f87fa3c4f939db4d94952ebcd810b12c23e9ec6

Last affected

56ec4cf7bcfc4ddccaf8f3dcf9196bc31543f92c

Last affected

598e29c9103df7c5a91daae7b9428628e2d3e4d9

Last affected

5fa5f8272ff0af601e9613583e48f7919772ab7c

Last affected

6369465661d00c3242352a0860de4a997a76b78a

Last affected

829f9ab2161a71143208a1c866ab01f0b4f94bae

Last affected

8a74cc3323d1b871cc592f83e02336ee1de9bfcb

Last affected

8bbd88ba862f8ea739ada25a4fc4846b920c717b

Last affected

8c3ffdffbb722375f32ba26ec1e13c4b83829bee

Last affected

92ed46f84426d1481dcbf3f0265230af4cfe5c44

Last affected

995c5fdb4489da8a7ccaad1afabd66b98841096a

Last affected

af77b3189ef276306f11839b36ecb0f49f491627

Last affected

c98e516e3987bbffb6367cee9fa467ca10e937de

Last affected

c9958182ff3d7bcbc326ab74051a9a846b71af6a

Last affected

d7c026e12829b3202fb5fc3109ec04c33eea50f1

Last affected

d8bf1961a78b08e59d7f41217f6068a9c832157d

Last affected

e0e0f1b7d793a80aa9a14814640d97c2ee4358ff

Last affected

e3dbbf2eae2593bd0ec3d13b562786b8b74aeab9

Last affected

fccd0860eb549f94dcd72d92b4ac3b722cc035a9

Affected versions

0.*

0.9.4

v0.*

v0.10.0

v0.10.1

v0.2

v0.3

v0.4

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4