Is joelbutcher/socialstream affected by CVE-2024-56329?

Packagist joelbutcher/socialstream is affected in >=6.0.0 <6.2.0, <5.6.0.

Is CVE-2024-56329 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

high

CVE-2024-56329

Q: Is CVE-2024-56329 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

Packagist · joelbutcher/socialstream

Summary

Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback

Severity: high
EPSS: 0.5% (p41)
Also known as: GHSA-3q97-vjpp-c8rp
Published: 2024-12-20

References

https://github.com/joelbutcher/socialstream/security/advisories/GHSA-3q97-vjpp-c8rp
https://nvd.nist.gov/vuln/detail/CVE-2024-56329
https://github.com/joelbutcher/socialstream/commit/ae4dc3906f54fa792b296036d7b3dcea9a4d259b

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.