nheko is vulnerable to man-in-the-middle (MitM) attacks. The library homeservers inserting malicious secrets, allows remote attackers to cause man-in-the-middle attacks.
github.com/Nheko-Reborn/nheko/commit/67bee15a389f9b8a9f6c3a340558d1e2319e7199
github.com/Nheko-Reborn/nheko/releases/tag/v0.10.2
github.com/Nheko-Reborn/nheko/security/advisories/GHSA-8jcp-8jq4-5mm7
lists.fedoraproject.org/archives/list/[email protected]/message/TA6A5ADUVAYKD3ZFLF2JPZOTIOFJOEU7/
lists.fedoraproject.org/archives/list/[email protected]/message/YBOL6OOQGPZD2RLYT4EHAWTFXNIHLYEN/
security-tracker.debian.org/tracker/CVE-2022-39264