Homepage
About Snyk

hyperkitty@0.1.3 vulnerabilities

A web interface to access GNU Mailman v3 archives

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the hyperkitty package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

HyperKitty is an A web interface to access GNU Mailman v3 archives.

Affected versions of this package are vulnerable to Information Exposure due to leaking the archiver key via the logging functionality.

How to fix Information Exposure?

Upgrade HyperKitty to version 1.3.5 or higher.

[,1.3.5)
  • M
Timing Attack

HyperKitty is an A web interface to access GNU Mailman v3 archives.

Affected versions of this package are vulnerable to Timing Attack via the archiver key.

Note:

This is only exploitable if you an attacker can send a request from an approved IP listed in MAILMAN_ARCHIVER_FROM.

How to fix Timing Attack?

Upgrade HyperKitty to version 1.3.5 or higher.

[,1.3.5)
  • M
Information Exposure

HyperKitty is an A web interface to access GNU Mailman v3 archives.

Affected versions of this package are vulnerable to Information Exposure. In management/commands/hyperkitty_import.py when importing a private mailing list's archives, these archives are publicly visible for the duration of the import.

How to fix Information Exposure?

Upgrade HyperKitty to version 1.3.5 or higher.

[0,1.3.5)
Go back to all versions of this package