radicale
PyPI4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting radicalepage 1 of 1
- CVE-2015-8747CRITICALCVSS 10.0EG 10.0✓ Fixed in 1.12016-02-03
vulnerable: 0.10 ... 0.1 (19 versions)
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
- CVE-2015-8748MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.12016-02-03
vulnerable: 0.10 ... 0.1 (19 versions)
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
- CVE-2016-1505CRITICALCVSS 10.0EG 10.0✓ Fixed in 1.12016-02-03
vulnerable: 0.10 ... 1.0.1 (18 versions)
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
- CVE-2017-8342HIGHCVSS 8.1EG 8.1✓ Fixed in 1.1.22017-04-30
vulnerable: 0.10 ... 0.1 (23 versions)
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
Check whether radicale is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for radicale CVEs against the assets you own.
Start Free Scan →