4.6

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-41962

CVE-2024-41962: Bostr Improper Authorization vulnerability

Even with authorized_keys is filled with allowed pubkeys, If noscraper is enabled, It will allow anyone to use bouncer even it's pubkey is not in authorized_keys.

Impact

Private bouncer

Patches

Available on version 3.0.10

Workarounds

Disable noscraper if you have authorized_keys being set in config

References

This line of code is the cause.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-41962

CVE-2024-41962:

4.6

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
bostr	npm	< 3.0.10	3.0.10

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from line 21 in auth.js (pre-patch) where authorization logic improperly handled the noscraper flag. The original condition if (!authorized_keys?.includes(...) && !private_keys[...] && !noscraper) would evaluate to false when noscraper=true, bypassing the authorization check entirely. The module export function in auth.js is the authentication entrypoint that contained this flawed logic, making it the vulnerable function. The commit diff and CVE description both explicitly reference this code path as the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.6

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-41962: Bostr Improper Authorization vulnerability

Impact

Patches

Workarounds

References

CVE-2024-41962:

4.6

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

CVE-2024-41962: Bostr Improper Authorization vulnerability

Impact

Patches

Workarounds

References

4.6

4.6

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI