DSA-5379-1 dino-im -- dino-imID: oval:org.secpod.oval:def:610501 | Date: (C)2023-05-02 (M)2023-11-13 |
Class: PATCH | Family: unix |
Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally an attacker can take advantage of this flaw to change how group chats are displayed or force a user to join or leave an attacker-selected groupchat.