CVE-2022-35953
First published: Fri Aug 12 2022(Updated: )
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joinbookwyrm Bookwyrm | <0.4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-35953?
CVE-2022-35953 is a vulnerability in BookWyrm, a social network application, that allows for tabnabbing phishing attacks through vulnerable links.
What is the severity of CVE-2022-35953?
CVE-2022-35953 has a severity rating of 6.1, which is considered high.
How does CVE-2022-35953 work?
CVE-2022-35953 allows attackers to redirect users to a malicious site by exploiting vulnerable links in BookWyrm.
Is there a patch available for CVE-2022-35953?
Yes, the issue has been patched in version 0.4.6 of BookWyrm.
Where can I find more information about CVE-2022-35953?
More information about CVE-2022-35953 can be found in the references provided: [GitHub Advisory](https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m24x) and [Huntr Bounty](https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/).
- collector/nvd-index
- vendor/joinbookwyrm
- canonical/joinbookwyrm bookwyrm