CVE-2024-32983

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-32983

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32983.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-32983

Aliases

GHSA-2vxv-pv3m-3wvj

Published

2024-06-03T15:16:26.186Z

Modified

2026-05-09T04:15:13.214086Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVSS Calculator

Summary

Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities

Details

Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed ActivityPub activity objects before processing them, allowing threat actors to spoof the contents of signed activities and impersonate the authors of the original activities. This vulnerability is fixed in 2024.5.0.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32983.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-863"
    ]
}

References

Affected packages

Git / github.com/misskey-dev/misskey

Affected ranges

Type

GIT

Repo

https://github.com/misskey-dev/misskey

Events

Introduced

Fixed

6078081c336ab42535cbea173c728d2aef08d5d2

Fixed

d2a5bb39e344fcb84a24ae60faafe4694b227b88

Database specific

{
    "cpe": "cpe:2.3:a:misskey:misskey:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2024.5.0"
        }
    ]
}

Affected versions

0.*

0.0.5018

0.0.5023

0.0.5030

0.0.5042

0.0.5051

0.0.5064

0.0.5074

0.0.5089

1.*

1.0.0

1.1.0

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0

1.7.0

10.*

10.0.0

10.1.0

10.10.0

10.10.1

10.11.0

10.11.1

10.12.0

10.12.1

10.13.0

10.14.0

10.15.0

10.16.0

10.17.0

10.18.0

10.19.0

10.2.0

10.2.1

10.20.0

10.21.0

10.21.1

10.21.2

10.21.3

10.22.0

10.22.1

10.23.0

10.23.1

10.24.0

10.25.0

10.26.0

10.27.0

10.28.0

10.29.0

10.29.1

10.3.0

10.30.0

10.30.1

10.30.2

10.30.3

10.31.0

10.32.0

10.33.0

10.34.0

10.35.0

10.35.1

10.36.0

10.36.1

10.37.0

10.38.0

10.38.1

10.38.2

10.38.3

10.38.4

10.38.5

10.38.6

10.38.7

10.38.8

10.39.0

10.39.1

10.4.0

10.40.0

10.40.1

10.41.0

10.42.0

10.42.2

10.43.0

10.43.1

10.44.0

10.44.1

10.44.2

10.45.0

10.46.0

10.46.1

10.46.2

10.47.0

10.48.0

10.48.1

10.49.0

10.49.1

10.49.2

10.49.3

10.49.4

10.49.5

10.49.6

10.49.7

10.5.0

10.50.0

10.51.0

10.51.1

10.51.2

10.52.0

10.53.0

10.54.0

10.55.0

10.56.0

10.56.1

10.56.2

10.57.0

10.57.1

10.57.2

10.57.3

10.58.0

10.58.1

10.58.2

10.59.0

10.59.1

10.59.2

10.59.3

10.59.4

10.6.0

10.60.0

10.60.1

10.60.2

10.60.3

10.60.4

10.61.0

10.62.0

10.62.1

10.62.2

10.63.0

10.63.1

10.64.0

10.64.1

10.64.2

10.65.0

10.66.0

10.66.1

10.66.2

10.67.0

10.68.0

10.69.0

10.7.0

10.7.1

10.7.2

10.70.0

10.70.1

10.71.0

10.72.0

10.73.0

10.74.0

10.75.0

10.76.0

10.77.0

10.78.0

10.78.1

10.78.2

10.78.3

10.78.4

10.78.5

10.79.0

10.79.1

10.8.0

10.80.0

10.81.0

10.82.0

10.82.1

10.82.2

10.82.3

10.82.4

10.83.0

10.84.0

10.84.1

10.84.2

10.85.0

10.85.1

10.85.2

10.86.0

10.86.1

10.86.2

10.87.0

10.87.1

10.87.2

10.87.3

10.87.4

10.87.5

10.88.0

10.89.0

10.89.1

10.9.0

10.9.1

10.9.2

10.90.0

10.90.1

10.90.2

10.90.3

10.90.4

10.91.0

10.91.1

10.91.2

10.92.0

10.92.1

10.92.2

10.92.3

10.92.4

10.93.0

10.93.1

10.94.0

10.95.0

10.96.0

10.97.0

10.97.1

10.97.2

10.98.0

10.98.1

10.98.2

10.98.3

10.99.0

11.*

11.0.0-alpha.1

11.0.0-alpha.10

11.0.0-alpha.2

11.0.0-alpha.3

11.0.0-alpha.4

11.0.0-alpha.5

11.0.0-alpha.6

11.0.0-alpha.7

11.0.0-alpha.8

11.0.0-beta.1

11.0.0-beta.10

11.0.0-beta.11

11.0.0-beta.12

11.0.0-beta.13

11.0.0-beta.14

11.0.0-beta.15

11.0.0-beta.16

11.0.0-beta.2

11.0.0-beta.3

11.0.0-beta.4

11.0.0-beta.5

11.0.0-beta.6

11.0.0-beta.7

11.0.0-beta.8

11.0.0-beta.9

11.26.1

11.26.2

11.27.0

11.27.1

11.28.0

11.28.1

11.28.2

11.29.0

11.30.0

11.31.0

11.31.1

11.31.2

11.31.3

11.31.4

11.32.0

11.33.0

11.34.0

11.35.0

11.35.1

11.36.0

11.37.0

11.37.1

12.*

12.0.0

12.1.0

12.10.0

12.11.0

12.12.0

12.13.0

12.14.0

12.15.0

12.16.0

12.17.0

12.18.0

12.18.1

12.19.0

12.2.0

12.20.0

12.21.0

12.29.0

12.3.0

12.30.0

12.31.0

12.32.0

12.33.0

12.34.0

12.35.0

12.35.1

12.35.2

12.36.0

12.36.1

12.37.0

12.38.0

12.38.1

12.39.0

12.39.1

12.4.0

12.4.1

12.40.0

12.41.0

12.41.1

12.41.2

12.41.3

12.42.0

12.43.0

12.44.0

12.44.1

12.45.0

12.45.1

12.46.0

12.47.0

12.47.1

12.48.0

12.48.1

12.48.2

12.48.3

12.49.0

12.49.1

12.5.0

12.50.0

12.51.0

12.52.0

12.53.0

12.54.0

12.55.0

12.56.0

12.57.0

12.57.1

12.57.4

12.58.0

12.59.0

12.6.0

12.60.0

12.60.1

12.61.0

12.61.1

12.62.0

12.62.1

12.62.2

12.63.0

12.64.0

12.64.1

12.64.2

12.65.0

12.65.1

12.65.2

12.65.3

12.65.4

12.65.5

12.65.6

12.65.7

12.66.0

12.67.0

12.67.1

12.7.0

12.7.1

12.8.0

12.9.0

13.*

13.0.0-beta.16

13.0.0-beta.21

13.0.0-beta.22

13.0.0-beta.23

13.0.0-beta.24

13.0.0-beta.25

13.0.0-beta.26

13.0.0-beta.27

13.0.0-beta.28

13.0.0-beta.29

13.0.0-beta.30

13.0.0-beta.31

13.0.0-beta.32

13.0.0-beta.33

13.0.0-beta.34

13.0.0-beta.35

13.0.0-beta.36

13.0.0-beta.37

13.0.0-beta.38

13.0.0-beta.39

13.0.0-beta.40

13.0.0-beta.41

13.0.0-beta.42

13.0.0-beta.43

13.0.0-rc.1

13.0.0-rc.10

13.0.0-rc.11

13.0.0-rc.2

13.0.0-rc.3

13.0.0-rc.5

13.0.0-rc.6

13.0.0-rc.7

13.0.0-rc.8

13.0.0-rc.9

13.11.0-beta.4

13.11.0-beta.6

13.11.0-beta.7

13.11.0-beta.8

13.11.0.beta-1

13.11.0.beta-2

13.11.0.beta-3

13.12.0-beta.2

13.12.0-beta.3

13.12.0-beta.4

13.12.0-beta.5

13.12.0-beta.6

13.13.0-beta.1

13.13.0-beta.2

13.13.0-beta.3

13.13.0-beta.4

13.13.0-beta.5

13.13.0-beta.6

13.13.0-beta.7

13.14.0-beta.1

13.14.0-beta.2

13.14.0-beta.3

13.14.0-beta.4

13.14.0-beta.5

13.14.0-beta.6

13.14.0-beta.7

2.*

2.0.0

2.1.1

2.1.2

2.1.3

2.1.4

2.10.0

2.10.1

2.11.0

2.12.0

2.13.0

2.14.0

2.15.0

2.16.0

2.16.1

2.16.2

2.16.3

2.16.4

2.16.5

2.16.6

2.16.7

2.16.8

2.17.0

2.18.0

2.18.2

2.19.0

2.2.0

2.20.0

2.20.1

2.21.0

2.21.1

2.22.0

2.22.1

2.22.2

2.22.3

2.23.0

2.24.0

2.24.1

2.24.2

2.25.1

2.25.2

2.27.3

2.29.0

2.29.1

2.3.0

2.3.1

2.30.0

2.30.1

2.31.0

2.32.0

2.33.0

2.33.1

2.34.0

2.34.1

2.34.3

2.35.1

2.35.2

2.35.3

2.36.1

2.37.1

2.37.2

2.37.3

2.37.4

2.37.5

2.37.6

2.37.7

2.38.2

2.38.3

2.4.0

2.40.0

2.40.1

2.41.1

2.42.0

2.5.0

2.6.2

2.7.1

2.9.0

2.9.1

2023.*

2023.10.0-beta.1

2023.10.0-beta.10

2023.10.0-beta.11

2023.10.0-beta.12

2023.10.0-beta.13

2023.10.0-beta.14

2023.10.0-beta.15

2023.10.0-beta.2

2023.10.0-beta.3

2023.10.0-beta.4

2023.10.0-beta.5

2023.10.0-beta.6

2023.10.0-beta.7

2023.10.0-beta.8

2023.10.0-beta.9

2023.10.2-beta.1

2023.10.2-beta.2

2023.11.0-beta.1

2023.11.0-beta.10

2023.11.0-beta.2

2023.11.0-beta.3

2023.11.0-beta.4

2023.11.0-beta.5

2023.11.0-beta.6

2023.11.0-beta.7

2023.11.0-beta.8

2023.11.0-beta.9

2023.11.1-beta.1

2023.11.1-beta.2

2023.12.0-beta.1

2023.12.0-beta.2

2023.12.0-beta.3

2023.12.0-beta.4

2023.12.0-beta.5

2023.12.0-beta.6

2023.9.0-beta.1

2023.9.0-beta.10

2023.9.0-beta.11

2023.9.0-beta.2

2023.9.0-beta.3

2023.9.0-beta.4

2023.9.0-beta.5

2023.9.0-beta.6

2023.9.0-beta.7

2023.9.0-beta.8

2023.9.0-beta.9

2023.9.0-rc.1

2023.9.0-rc.2

2023.9.0-rc.3

2023.9.0-rc.4

2024.*

2024.2.0-beta.1

2024.2.0-beta.10

2024.2.0-beta.12

2024.2.0-beta.13

2024.2.0-beta.2

2024.2.0-beta.3

2024.2.0-beta.4

2024.2.0-beta.5

2024.2.0-beta.6

2024.2.0-beta.7

2024.2.0-beta.8

2024.2.0-beta.9

2024.5.0-beta.0

2024.5.0-beta.1

2024.5.0-beta.2

2024.5.0-beta.3

2024.5.0-beta.4

2024.5.0-beta.5

2024.5.0-rc.10

2024.5.0-rc.11

2024.5.0-rc.12

2024.5.0-rc.13

2024.5.0-rc.6

2024.5.0-rc.7

2024.5.0-rc.8

2024.5.0-rc.9

3.*

3.0.1

3.1.0

3.1.1

4.*

4.10.0

4.11.0

4.12.0

4.13.0

4.14.0

4.15.0

4.17.1

4.19.1

4.2.0

4.20.0

4.22.1

4.23.1

4.24.1

4.25.0

4.26.0

4.3.0

4.3.1

4.5.0

4.7.0

4.7.1

4.9.0

5.*

5.0.0

5.1.0

5.10.0

5.11.0

5.12.0

5.13.0

5.13.1

5.13.2

5.14.0

5.15.0

5.16.0

5.17.0

5.18.0

5.19.0

5.20.0

5.20.1

5.21.0

5.22.0

5.22.1

5.23.0

5.23.1

5.23.2

5.24.0

5.24.1

5.25.0

5.3.0

5.4.0

5.5.0

5.6.1

5.6.2

6.*

6.0.0

6.0.1

6.0.2

6.1.0

6.2.0

6.3.0

6.4.0

6.4.1

7.*

7.0.0

7.0.2

7.1.0

7.1.1

7.1.2

7.2.0

7.3.0

8.*

8.17.0

8.18.0

8.19.0

8.19.1

8.20.0

8.21.0

8.23.0

8.24.0

8.25.0

8.26.0

8.27.0

8.28.0

8.28.1

8.29.0

8.30.0

8.31.0

8.32.0

8.33.0

8.34.0

8.34.1

8.34.2

8.34.3

8.34.4

8.35.0

8.36.0

8.37.0

8.38.0

8.39.0

8.40.0

8.41.0

8.42.0

8.43.0

8.44.0

8.44.1

8.45.0

8.45.1

8.46.0

8.47.0

8.48.0

8.49.0

8.5.1

8.50.0

8.51.0

8.52.0

8.53.0

8.54.0

8.55.0

8.56.0

8.57.0

8.57.1

8.58.0

8.59.0

8.60.0

8.61.0

8.62.0

8.63.0

8.64.0

9.*

9.0.0

9.1.0

9.2.0

9.3.0

9.3.1

9.4.0

9.5.0

9.6.0

9.7.0

9.7.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32983.json"