Homepage
About Snyk

radicale@0.7.1 vulnerabilities

CalDAV and CardDAV Server

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the radicale package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Denial of Service (DoS)

Radicale is a CalDAV (calendar) and CardDAV (contact) server.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to allowing the processing of XML content from un-authenticated users.

How to fix Denial of Service (DoS)?

Upgrade Radicale to version 3.0.0 or higher.

[,3.0.0)
  • H
Timing Attack

Radicale is a CalDAV (calendar) and CardDAV (contact) server.

Affected versions of this package are vulnerable to Timing Attack. It was prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.

How to fix Timing Attack?

Upgrade Radicale to version 1.1.2, 2.0.0rc2 or higher.

[,1.1.2) [2.0.0rc1,2.0.0rc2)
  • M
Timing Attack

radicale is a CalDAV and CardDAV Server.

Affected versions of this package are vulnerable to Timing Attacks.

[,1.1.2)
  • C
Arbitrary File Access

radicale is a CalDAV and CardDAV Server The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.

[,1.1)
  • M
Privilege Escalation

radicale is a CalDAV and CardDAV Server Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by .*.

[,1.1)
  • C
Directory Traversal

radicale is a CalDAV and CardDAV Server The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

[,1.1)
Go back to all versions of this package