Homepage

hyperkitty@1.3.3 vulnerabilities

A web interface to access GNU Mailman v3 archives

  • latest version

    1.3.12

  • latest non vulnerable version

    1.3.12

  • first published

    12 years ago

  • latest version published

    3 months ago

  • licenses detected

  • View hyperkitty package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the hyperkitty package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Information Exposure

    HyperKitty is an A web interface to access GNU Mailman v3 archives.

    Affected versions of this package are vulnerable to Information Exposure due to leaking the archiver key via the logging functionality.

    How to fix Information Exposure?

    Upgrade HyperKitty to version 1.3.5 or higher.

    [,1.3.5)
    • M
    Timing Attack

    HyperKitty is an A web interface to access GNU Mailman v3 archives.

    Affected versions of this package are vulnerable to Timing Attack via the archiver key.

    Note:

    This is only exploitable if you an attacker can send a request from an approved IP listed in MAILMAN_ARCHIVER_FROM.

    How to fix Timing Attack?

    Upgrade HyperKitty to version 1.3.5 or higher.

    [,1.3.5)
    • M
    Information Exposure

    HyperKitty is an A web interface to access GNU Mailman v3 archives.

    Affected versions of this package are vulnerable to Information Exposure. In management/commands/hyperkitty_import.py when importing a private mailing list's archives, these archives are publicly visible for the duration of the import.

    How to fix Information Exposure?

    Upgrade HyperKitty to version 1.3.5 or higher.

    [0,1.3.5)
    Go back to all versions of this package