8.0.3
10 years ago
26 days ago
Known vulnerabilities in the offlineimap package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
offlineimap is an IMAP synchronization tool Affected versions of this package are vulnerable to Use of Less Trusted Source due to trusting the server's STARTTLS capability before authentication. An attacker can intercept and manipulate the connection by performing a man-in-the-middle attack, potentially extracting account credentials in cleartext. How to fix Use of Less Trusted Source? Upgrade | [,8.0.3) |