[3.7] prosody: insufficient stream header validation (CVE-2018-10847)| ID: oval:org.secpod.oval:def:1801096 | Date: (C)2018-07-31 (M)2021-11-09 |
| Class: PATCH | Family: unix |
Due to insufficient validation of client-provided parameters during XMPP stream restarts, authenticated users may override the realm associated with their session, potentially bypassing security policies and allowing impersonation. Affected versions:¶ 0.9.x prior to 0.9.14, 0.10.x prior to 0.10.2. All prior series affected. Fixed in version:¶ 0.9.14, 0.10.2
| Platform: |
| Alpine Linux 3.7 |
