Low severityNVD Advisory· Published Aug 1, 2022· Updated Apr 23, 2025
User preference to prevent private discussions not respected in fof/byobu
CVE-2022-35921
Description
fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum's users and choose to disable the extension if needed. There are no workarounds for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
fof/byobuPackagist | >= 0.3.0-beta.2, < 1.1.7 | 1.1.7 |
Affected products
2- Range: >=0.3.0-beta.2, < 1.1.7
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-6gjm-6wj6-4px5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-35921ghsaADVISORY
- github.com/FriendsOfFlarum/byobu/commit/23dcf93a30f948d30c678a96681f7fdefeba5171ghsax_refsource_MISCWEB
- github.com/FriendsOfFlarum/byobu/security/advisories/GHSA-6gjm-6wj6-4px5ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.