Jitsi: Bridge Message Spoofing due to Improper JSON Handling leads to Prototype Pollution
Posted: Mon Jan 13, 2025 4:02 am
The Jitsi VideoBridge failed to properly handle JSON messages with duplicate colibriClass keys, enabling clients to send messages interpreted differently by the bridge and resulting in unauthorized actions within video conferences.
A Jitsi security advisory has been published:
https://hackerone.com/reports/2095061
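The duplicate-key ambiguity described above can be closed at the parsing boundary by rejecting any message that repeats a key. The following is an added example, not code from Jitsi or from the advisory; it is written in Python for illustration, and the class names `ClassA`/`ClassB`, the `payload` field and all function names are assumptions.

```python
import json

class DuplicateKeyError(ValueError):
    """Raised when a JSON object repeats a key at any nesting level."""

def _reject_duplicates(pairs):
    # object_pairs_hook receives each object's (key, value) pairs in document
    # order, before the decoder collapses them into a dict.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise DuplicateKeyError(f"duplicate JSON key: {key!r}")
        obj[key] = value
    return obj

def _first_wins(pairs):
    # Models a parser that keeps the first occurrence of a repeated key.
    obj = {}
    for key, value in pairs:
        obj.setdefault(key, value)
    return obj

def colibri_class_views(raw):
    """Return the colibriClass seen by a first-wins and a last-wins parser."""
    first = json.loads(raw, object_pairs_hook=_first_wins)
    last = json.loads(raw)  # Python's default decoder keeps the last value
    return first.get("colibriClass"), last.get("colibriClass")

def accept_message(raw):
    """Return the parsed message, or None if it must be dropped."""
    try:
        msg = json.loads(raw, object_pairs_hook=_reject_duplicates)
    except ValueError:  # covers DuplicateKeyError and json.JSONDecodeError
        return None
    # Require exactly one well-typed discriminator before any routing decision.
    if not isinstance(msg, dict) or not isinstance(msg.get("colibriClass"), str):
        return None
    return msg

# Constructed sample messages; the class names are placeholders, not Jitsi types.
AMBIGUOUS = '{"colibriClass": "ClassA", "colibriClass": "ClassB", "payload": {}}'
NESTED = '{"colibriClass": "ClassA", "payload": {"k": 1, "k": 2}}'
CLEAN = '{"colibriClass": "ClassA", "payload": {"k": 1}}'

if __name__ == "__main__":
    print(colibri_class_views(AMBIGUOUS))
    for sample in (AMBIGUOUS, NESTED, CLEAN):
        print(accept_message(sample))
```

Two components that disagree on first-wins versus last-wins see different message types for `AMBIGUOUS`, which is why the strict parser drops it instead of picking one.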