CVE-2021-35057 log

Severity Medium
Remote Yes
Type Private key recovery
A security issue has been found in HyperKitty before version 1.3.5, where the secret archiver key is vulnerable to timing attacks. This is only exploitable if you can send a request from a approved IP listed in MAILMAN_ARCHIVER_FROM.
Group Package Affected Fixed Severity Status Ticket
AVG-2003 hyperkitty 1.3.4-2 1.3.5-1 Medium Fixed