prosody dev team

Top products

The 7 most recently published vulnerabilities affecting prosody dev team.

• CVE-2022-0217It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results ...7.5Aug 26, 2022
• CVE-2021-32921An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in...5.9May 13, 2021
• CVE-2021-32920Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.7.5May 13, 2021
• CVE-2021-32919An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not ...7.5May 13, 2021
• CVE-2021-32918An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua ...7.5May 13, 2021
• CVE-2021-32917An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted us...5.3May 13, 2021
• CVE-2020-8086The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only ...9.8Jan 28, 2020