Prosody: >> Prosody >> 0.9.9 Security Vulnerabilities
Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module.
CVSS Score
7.5
EPSS Score
0.011
Published
2018-05-09
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix.
CVSS Score
5.3
EPSS Score
0.007
Published
2016-01-29
Page 2