Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities
CVE-2024-32983
8.2HIGH
What is CVE-2024-32983?
Misskey, an open source decentralized microblogging platform, is exposed to a significant vulnerability due to improper normalization of JSON structures within incoming signed ActivityPub activity objects. This flaw enables threat actors to manipulate the content of these signed activities, potentially impersonating the original authors and undermining the integrity of user interactions. The issue has been identified and addressed in version 2024.5.0, emphasizing the importance of proper data handling in enhancing the security posture.
Affected Version(s)
misskey < 2024.5.0
