cbcvebase.
CVE-2024-45607
published 2024-09-12

CVE-2024-45607: whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the…

PriorityP340medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
14.12%
96.1th percentile
whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3.

Affected

3 ranges
VendorProductVersion rangeFixed in
secreto31126whatsapp-api-js
secreto31126whatsapp-api-js>= 4.0.0 < 4.0.34.0.3
secreto31126whatsapp-api-js>= 4.0.0 < 4.0.34.0.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.