VYPR

rpm package

opensuse/prosody&distro=openSUSE Leap 15.3

pkg:rpm/opensuse/prosody&distro=openSUSE%20Leap%2015.3

Vulnerabilities (2)

  • CVE-2022-0217Aug 26, 2022
    affected < 0.11.12-bp153.2.12.1fixed 0.11.12-bp153.2.12.1

    It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depen

  • CVE-2021-37601Jul 28, 2021
    affected < 0.11.10-bp153.2.6.2fixed 0.11.10-bp153.2.6.2

    muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.