Go modules package
github.com/foxcpp/maddy
pkg:golang/github.com/foxcpp/maddy
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40193 | High | 8.2 | | < 0.9.3 | 0.9.3 | Apr 16, 2026 | maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll() without any LDAP filter escaping, |
| CVE-2023-27582 | — | | | >= 0.2.0, < 0.6.3 | 0.6.3 | Mar 13, 2023 | maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified usernam |
| CVE-2022-24732 | — | | | < 0.5.4 | 0.5.4 | Mar 9, 2022 | Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accou |
| CVE-2021-42583 | — | | | < 0.5.2 | 0.5.2 | Dec 28, 2021 | A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information. |