Skip to main content

Misskey CVE-2023-24812

CRITICAL
SQL Injection (CWE-89)
2023-02-22 security-advisories@github.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 22, 2023 - 20:15 nvd
CRITICAL 9.8

DescriptionNVD

Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to upgrade should block access to the api/notes/search-by-tag endpoint.

AnalysisAI

Misskey is an open source, decentralized social media platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to upgrade should block access to the api/notes/search-by-tag endpoint. Affected products include: Misskey. Version information: prior to 13.3.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2024-32983 HIGH POC
7.5 Jun 03

Misskey is an open source, decentralized microblogging platform. Rated high severity (CVSS 7.5), this vulnerability is r

CVE-2019-1020010 MEDIUM POC
6.1 Jul 29

Misskey before 10.102.4 allows hijacking a user's token. Rated medium severity (CVSS 6.1), this vulnerability is remotel

CVE-2023-52139 CRITICAL
9.6 Dec 29

Misskey is an open source, decentralized social media platform. Rated critical severity (CVSS 9.6), this vulnerability i

CVE-2025-46559 MEDIUM POC
5.4 May 05

Misskey is an open source, federated social media platform. Rated medium severity (CVSS 5.4), this vulnerability is remo

CVE-2024-52591 HIGH
8.8 Dec 18

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2024-52590 HIGH
8.8 Dec 18

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2024-25636 HIGH
8.8 Feb 19

Misskey is an open source, decentralized social media platform with ActivityPub support. Rated high severity (CVSS 8.8),

CVE-2025-24897 HIGH
8.2 Feb 11

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.2), this vulnerability is remote

CVE-2025-24896 HIGH
8.1 Feb 11

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.1), this vulnerability is remote

CVE-2026-28431 HIGH
7.5 Mar 10

Misskey is an open source, federated social media platform.

CVE-2026-28432 HIGH
7.5 Mar 10

federated social media platform. All Misskey server versions up to 2026.3.1 is affected by improper verification of cryp

CVE-2023-49079 HIGH
7.5 Nov 29

Misskey is an open source, decentralized social media platform. Rated high severity (CVSS 7.5), this vulnerability is re

Share

CVE-2023-24812 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy