First published: Fri Aug 12 2022
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Joinbookwyrm Bookwyrm | <0.4.5 | |
CVE-2022-35953 is a vulnerability in BookWyrm, a social network application, that allows for tabnabbing phishing attacks through vulnerable links.
CVE-2022-35953 has a severity rating of 6.1, which is considered high.
CVE-2022-35953 allows attackers to redirect users to a malicious site by exploiting vulnerable links in BookWyrm.
Yes, the issue has been patched in version 0.4.6 of BookWyrm.
More information about CVE-2022-35953 can be found in the references provided: [GitHub Advisory](https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m24x) and [Huntr Bounty](https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/).