tt-rss
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Web-based news feed (RSS/Atom) aggregator |
| Version |
2:r12636.a3becdc77-1 [extra-testing] 2:r12294.35aa534c7-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1684 | 2:r10198.6d8f2221b-2 | 2:r10820.4e81233ac-1 | High | Not affected |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-28373 | AVG-1684 | High | Yes | Authentication bypass | The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this... |