allmydata-tahoe@0.8.0 vulnerabilities

secure, decentralized, fault-tolerant filesystem

Direct Vulnerabilities

Known vulnerabilities in the allmydata-tahoe package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Information Exposure

allmydata-tahoe is a secure, decentralized, fault-tolerant filesystem

Affected versions of this package are vulnerable to Information Exposure by allowing helper access to partial plaintext hashes.

How to fix Information Exposure?

Upgrade allmydata-tahoe to version 1.5.0 or higher.

Vulnerable versions: [,1.5.0)
  • L
Timing Attack

Affected versions of this package are vulnerable to Timing Attack because strcmp is used to compare the write-enabler and lease-renewal/cancel secrets. An attacker who could measure response-time variations of approximately 3ns against a very noisy background time of about 15ms might be able to guess these secrets.

How to fix Timing Attack?

Upgrade allmydata-tahoe to version 1.4.1 or higher.

Vulnerable versions: [,1.4.1)
  • M
Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation: a user can create a URI on Tahoe that corresponds to two different files, although URIs are supposed to be unique. As a result, an adversary might be able to publish a benign file and malware under the same URI, initially make the benign file available to users so that the URI gets shared, and then switch the benign file for malware without changing the URI.

How to fix Improper Input Validation?

Upgrade allmydata-tahoe to version 1.2.0 or higher.

Vulnerable versions: [,1.2.0)