allmydata-tahoe@1.3.0 vulnerabilities

secure, decentralized, fault-tolerant filesystem

Direct Vulnerabilities

Known vulnerabilities in the allmydata-tahoe package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Information Exposure

allmydata-tahoe is a secure, decentralized, fault-tolerant filesystem

Affected versions of this package are vulnerable to Information Exposure because they allow the helper to access partial plaintext hashes.

How to fix Information Exposure?

Upgrade allmydata-tahoe to version 1.5.0 or higher.

Vulnerable versions: [,1.5.0)
  • L
Timing Attack

Affected versions of this package are vulnerable to Timing Attack due to the use of strcmp to compare the write-enabler and lease-renewal/cancel secrets. An attacker who could measure response-time variations of approximately 3ns against a very noisy background time of about 15ms might be able to guess these secrets.

How to fix Timing Attack?

Upgrade allmydata-tahoe to version 1.4.1 or higher.

Vulnerable versions: [,1.4.1)
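
The comparison flaw described in the Timing Attack entry, as an added example that is not part of the advisory or of Tahoe's own code: a strcmp-style check whose work depends on the length of the matching prefix, beside a check built on Python's `hmac.compare_digest`. The 32-byte secret length, the sample values and the function names are assumptions made for the illustration.

```python
import hmac
from typing import Tuple

SECRET_LEN = 32  # assumed fixed secret length for this example

# Constructed sample values, not real Tahoe secrets.
STORED = bytes(range(SECRET_LEN))
WRONG_FIRST = b"\xff" + STORED[1:]   # differs in the first byte
WRONG_LAST = STORED[:-1] + b"\xff"   # differs only in the last byte


def early_exit_compare(stored: bytes, presented: bytes) -> Tuple[bool, int]:
    """strcmp-style comparison: stop at the first differing byte.

    Returns (equal, bytes_examined); bytes_examined stands in for the
    running time, which varies with the length of the matching prefix.
    """
    examined = 0
    for x, y in zip(stored, presented):
        examined += 1
        if x != y:
            return False, examined
    return len(stored) == len(presented), examined


def check_secret(stored: bytes, presented: bytes) -> bool:
    """Hypothetical server-side check using a constant-time comparison."""
    if not isinstance(presented, bytes) or len(presented) != SECRET_LEN:
        return False  # the length is not secret; reject malformed input
    # compare_digest examines every byte regardless of where they differ.
    return hmac.compare_digest(stored, presented)


if __name__ == "__main__":
    for name, guess in [("first", WRONG_FIRST), ("last", WRONG_LAST)]:
        print(name, early_exit_compare(STORED, guess),
              check_secret(STORED, guess))
```

Both wrong values are rejected by either function; only the early-exit version does an amount of work that depends on where the mismatch falls.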