CVE-2023-49095 Information

Description

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.

Reference

https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab