CVE-2024-50347 – Laravel Reverb has Missing API Signature Verification

https://notcve.org/view.php?id=CVE-2024-50347

31 Oct 2024 — Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message from a backend service or for obtaining statistical information (such as number of connections) about a given channel. This issue only affects the Pusher-compatible API endpoints and not the WebSocket connections the... • https://github.com/laravel/reverb/commit/73cc140d76e803b151fc2dd2e4eb3eb784a82ee2 • CWE-347: Improper Verification of Cryptographic Signature •