CVE-2024-46957: Mellium allows Authentication Bypass by Spoofing

Severity: Critical

CVSS Score: 9.8

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0.