{"source":1120506,"name":"baileys","dependency":"baileys","title":"Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload","url":"https://github.com/advisories/GHSA-qvv5-jq5g-4cgg","severity":"critical","versions":["4.5.3","4.5.4","4.5.5","4.5.6","4.5.7","4.5.8","5.0.1","5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","5.0.7","5.0.8","5.0.9","6.0.0","6.0.1","6.0.3","6.0.4","6.0.5","6.0.6","6.0.7","6.0.8","6.0.9","6.7.0","6.7.1","6.7.2","6.7.3","6.7.4","6.7.5","6.7.6","6.7.7","6.7.8","6.7.9","6.7.10","6.7.11","6.7.12","6.7.13","6.7.14","6.7.15","6.7.16","6.7.17","6.7.18","6.7.19","6.7.20","6.7.21","6.7.22","6.7.23","6.17.16","7.0.0-rc.1","7.0.0-rc.2","7.0.0-rc.3","7.0.0-rc.4","7.0.0-rc.5","7.0.0-rc.6","7.0.0-rc.7","7.0.0-rc.8","7.0.0-rc.9","7.0.0-rc10","7.0.0-rc11","7.0.0-rc12","7.0.0-rc13"],"vulnerableVersions":["7.0.0-rc.1","7.0.0-rc.2","7.0.0-rc.3","7.0.0-rc.4","7.0.0-rc.5","7.0.0-rc.6","7.0.0-rc.7","7.0.0-rc.8","7.0.0-rc.9","7.0.0-rc10","7.0.0-rc11"],"cwe":["CWE-290","CWE-345","CWE-346"],"cvss":{"score":0,"vectorString":null},"range":">=7.0.0-rc.1 <7.0.0-rc12","id":"oOgC+ud0Uzt7bRm9yAeBEnZ7H4U+dlRZNrg0Ojn7/ONfbkip7D7sxc37oPh0/mYTYfkJ1VqOXBeorBFY9bcGew=="}