Impact
Private messages or posts might be leaked to third parties if victim opens the attackers site while browsing nodebb.
Patches
- Patched in v3.1.3
- Backported to v2.x line via v2.8.13
Workarounds
Users can cherry-pick 51096ad if they are on v3.x
If you are running v2.x of NodeBB, you can cherry-pick a5d92da followed by 62e162c
Impact
Private messages or posts might be leaked to third parties if victim opens the attackers site while browsing nodebb.
Patches
Workarounds
Users can cherry-pick 51096ad if they are on v3.x
If you are running v2.x of NodeBB, you can cherry-pick a5d92da followed by 62e162c