Impact
Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts.
Patches
Patched in 2.6.1
Workarounds
Site maintainers can cherry-pick 48d1439 into their codebase to patch the exploit.
References
A writeup is pending
For more information
If you have any questions or comments about this advisory:
Discuss it on our community forum
Email us at support@nodebb.org
Impact
Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts.
Patches
Patched in 2.6.1
Workarounds
Site maintainers can cherry-pick 48d1439 into their codebase to patch the exploit.
References
A writeup is pending
For more information
If you have any questions or comments about this advisory:
Discuss it on our community forum
Email us at support@nodebb.org