|Type||Denial of service|
A security issue was found in the Prosody.im XMPP server software before version 0.11.9. It was discovered that default settings leave Prosody susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
|19 May 2021||ASA-202105-11||AVG-1955||prosody||High||multiple issues|
Workaround ========== The issue can be partly mitigated using stricter settings for stanza size limits, rate limits and garbage collection parameters, see the referenced advisory for more details.