CVE-2024-39891
Twilio Authy Information Disclosure Vulnerability
⚠ KEVEPSS 17.1%
Description
Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
How to fix CVE-2024-39891
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2024-39891 being exploited?
Yes — CVE-2024-39891 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.