Difference between revisions of "XEP-Remarks/XEP-0280: Message Carbons"

Jump to navigation Jump to search

XEP-Remarks/XEP-0280: Message Carbons (view source)

Revision as of 17:36, 31 January 2021

109 bytes added ,  17:36, 31 January 2021
→‎Client-Side Processing: CVE-2020-26547 in Monal
(→‎Client-Side Processing: CVE-2020-26547 in Monal)
Line 19: Line 19:
* [https://op-co.de/tmp/CVE-2017-5589.html CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability]
* [https://op-co.de/tmp/CVE-2017-5589.html CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability]
* [https://gultsch.de/dino_multiple.html CVE-2019-16235+ Multiple Vulnerabilities found in Dino]
* [https://gultsch.de/dino_multiple.html CVE-2019-16235+ Multiple Vulnerabilities found in Dino]
* [https://monal.im/blog/cve-2020-26547/  CVE-2020-26547 Missing verification of origin of Carbons in Monal]


Before processing a Carbon, the client must determine whether the message was a MUC-PM or a regular chat message (this might require an IQ round-trip to the sending entity).
Before processing a Carbon, the client must determine whether the message was a MUC-PM or a regular chat message (this might require an IQ round-trip to the sending entity).
Zash
44

edits

Retrieved from "https://wiki.xmpp.org/web/Special:MobileDiff/13417"

Navigation menu