{"id":"CVE-2024-41962","summary":"Bostr Improper Authorization","details":"Bostr is a nostr relay aggregator proxy that acts like a regular nostr relay. bostr lets everyone in, even with authorized_keys set, when noscraper is set to true. This vulnerability is fixed in 3.0.10.","aliases":["GHSA-5cf7-cxrf-mq73"],"modified":"2026-04-02T12:17:47.449451Z","published":"2024-08-01T16:30:57.629Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41962.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-285"]},"references":[{"type":"WEB","url":"https://github.com/Yonle/bostr/blob/8665374a66e2afb9f92d0414b0d6f420a95d5d2d/auth.js#L21"},{"type":"WEB","url":"https://github.com/Yonle/bostr/releases/tag/3.0.10"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41962.json"},{"type":"ADVISORY","url":"https://github.com/Yonle/bostr/security/advisories/GHSA-5cf7-cxrf-mq73"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41962"},{"type":"FIX","url":"https://github.com/Yonle/bostr/commit/49181f4ec9ae1472c6675cab56bbc01e723855af"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yonle/bostr","events":[{"introduced":"0"},{"fixed":"2a0c641133541792d2b8dc2de786d80c48c416c3"}]}],"versions":["1.0.0","2.0.0","2.0.0-r1","2.0.1","2.0.10","2.0.2","2.0.3","2.0.4","2.0.5","2.0.5-a","2.0.6","2.0.7","2.0.8","2.0.9","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.1.5","2.1.5-1","2.1.5-3","2.1.5-4","2.1.5-5","2.1.5-6","3.0.0","3.0.1","3.0.2","3.0.2-1","3.0.2-2","3.0.2-3","3.0.2-5","3.0.3","3.0.4-1","3.0.4-2","3.0.5","3.0.6","3.0.7","3.0.7-1","3.0.8","3.0.9","3.0.9-1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41962.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"}]}