[3.7] prosody: insufficient stream header validation (CVE-2018-10847)
ID: oval:org.secpod.oval:def:1801096 | Date: (C)2018-07-31 (M)2021-11-09 |
Class: PATCH | Family: unix |
Due to insufficient validation of client-provided parameters during XMPP stream restarts, authenticated users may override the realm associated with their session, potentially bypassing security policies and allowing impersonation.
Affected versions: 0.9.x prior to 0.9.14, 0.10.x prior to 0.10.2. All prior series affected.
Fixed in version: 0.9.14, 0.10.2
Platform: |
Alpine Linux 3.7 |