prosody

Description: Lightweight and extensible Jabber/XMPP server written in Lua
Version: 1:0.12.4-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2237 | 1:0.11.9-2 | 1:0.11.10-1 | Medium | Fixed | FS#71641 |
| AVG-1955 | 1:0.11.8-1 | 1:0.11.9-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-37601 | AVG-2237 | Medium | Yes | Information disclosure | It was discovered that Prosody 0.11.0 up to 0.11.9 exposes the list of entities (Jabber/XMPP addresses) affiliated (part of) a Multi-User chat to any user,... |
| CVE-2021-32921 | AVG-1955 | Medium | Yes | Information disclosure | A security issue was found in the Prosody.im XMPP server software before version 0.11.9. It was discovered that Prosody does not use a constant-time... |
| CVE-2021-32920 | AVG-1955 | Medium | Yes | Denial of service | A security issue was found in the Prosody.im XMPP server software before version 0.11.9. It was discovered that Prosody does not disable SSL/TLS... |
| CVE-2021-32919 | AVG-1955 | Medium | Yes | Authentication bypass | A security issue was found in the Prosody.im XMPP server software before version 0.11.9. The undocumented option ‘dialback_without_dialback’ enabled an... |
| CVE-2021-32918 | AVG-1955 | High | Yes | Denial of service | A security issue was found in the Prosody.im XMPP server software before version 0.11.9. It was discovered that default settings leave Prosody susceptible... |
| CVE-2021-32917 | AVG-1955 | Medium | Yes | Insufficient validation | A security issue was found in the Prosody.im XMPP server software before version 0.11.9. mod_proxy65 is a file transfer proxy provided with Prosody to... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 10 Aug 2021 | ASA-202108-11 | AVG-2237 | Medium | information disclosure |
| 19 May 2021 | ASA-202105-11 | AVG-1955 | High | multiple issues |