GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not validate origins in WebSockets. If a user accesses a crafted page, Chat information sent to the user may be exposed.Referenceshttps://groupsession.jp/info/info-news/security20251208https://jvn.jp/en/jp/JVN19940619/
