rpm package
opensuse/prosody&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/prosody&distro=openSUSE%20Leap%2015.3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-0217 | — | | | < 0.11.12-bp153.2.12.1 | 0.11.12-bp153.2.12.1 | Aug 26, 2022 | It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depen |
| CVE-2021-37601 | — | | | < 0.11.10-bp153.2.6.2 | 0.11.10-bp153.2.6.2 | Jul 28, 2021 | muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations. |