Pony Mail
by Apache
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41873 | Cri | 0.64 | 9.8 | 0.00 | Apr 28, 2026 | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python… | ||
| CVE-2016-4460 | Cri | 0.64 | 9.8 | 0.06 | Aug 22, 2017 | Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | ||
| CVE-2017-5658 | Med | 0.35 | 5.3 | 0.02 | Oct 4, 2018 | The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without… | ||
| CVE-2019-0218 | 0.00 | — | 0.05 | Apr 22, 2019 | A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface. |
- risk 0.64cvss 9.8epss 0.00
** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python…
- risk 0.64cvss 9.8epss 0.06
Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.
- risk 0.35cvss 5.3epss 0.02
The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without…
- CVE-2019-0218Apr 22, 2019risk 0.00cvss —epss 0.05
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.