allmydata-tahoe@0.9.0 vulnerabilities
secure, decentralized, fault-tolerant filesystem
-
latest version
1.10.2
-
latest non vulnerable version
-
first published
17 years ago
-
latest version published
9 years ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the allmydata-tahoe package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
allmydata-tahoe is a secure, decentralized, fault-tolerant filesystem Affected versions of this package are vulnerable to Information Exposure by allowing helper access to partial plaintext hashes. How to fix Information Exposure? Upgrade |
[,1.5.0)
|
allmydata-tahoe is a secure, decentralized, fault-tolerant filesystem Affected versions of this package are vulnerable to Timing Attack due to the use of How to fix Timing Attack? Upgrade |
[,1.4.1)
|
allmydata-tahoe is a secure, decentralized, fault-tolerant filesystem Affected versions of this package are vulnerable to Improper Input Validation by allowing a user to create a URI on Tahoe that corresponds to two different files (but URIs are supposed to be unique). As a result, an adversary might be able to publish a benign file and malware under the same URI, make initially the benign file available to users causing the URI to be shared, and then switch the benign file for malware (without changing the URI). How to fix Improper Input Validation? Upgrade |
[,1.2.0)
|