offlineimap@7.2.4

IMAP synchronization tool

  • latest version

    8.0.3

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    26 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the offlineimap package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Use of Less Trusted Source

    offlineimap is an IMAP synchronization tool

    Affected versions of this package are vulnerable to Use of Less Trusted Source due to trusting the server's STARTTLS capability before authentication. An attacker can intercept and manipulate the connection by performing a man-in-the-middle attack, potentially extracting account credentials in cleartext.

    How to fix Use of Less Trusted Source?

    Upgrade offlineimap to version 8.0.3 or higher.

    [,8.0.3)