Impact Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. Patches Patched in version 4.0.3. Workarounds It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. “`ts function doPost(payload, header_signature) { if (whatsapp.verifyRequestSignature(payload.toString(), header_signature) { throw 403; } // Now the payload is correctly verified whatsapp.post(payload); } “` References…Read More