Impact
What kind of vulnerability is it? Who is impacted?
Account creation restrictions do not work, such as invite only mode, email verification, captcha, and shield verification.
This poses a risk to:
- Integrity: accounts are immediately verified when the email may not actually be valid.
- Availability: service may suffer higher DoS risk if there is not active monitoring.
Patches
Has the problem been patched? What versions should users upgrade to?
Patch provided in commit eda3643.
Downgrade to 0.6.13 immediately (20240212-1) or upgrade to 0.7.8 as soon as its available (20240612-1).
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
No.
Impact
What kind of vulnerability is it? Who is impacted?
Account creation restrictions do not work, such as invite only mode, email verification, captcha, and shield verification.
This poses a risk to:
Patches
Has the problem been patched? What versions should users upgrade to?
Patch provided in commit eda3643.
Downgrade to 0.6.13 immediately (
20240212-1) or upgrade to 0.7.8 as soon as its available (20240612-1).Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
No.