Improper Source Verification in Dino's XEP-0280 Message Carbons Module

Improper Source Verification in Dino's XEP-0280 Message Carbons Module

CVE-2019-16235 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.

Learn more about our Web Application Penetration Testing UK.