slixmpp
PyPI3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting slixmpppage 1 of 1
- CVE-2017-5591MEDIUMCVSS 5.9EG 5.9✓ Fixed in 1.2.42017-02-09
vulnerable: 1.0 ... 1.2.3 (11 versions)
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engi…
- CVE-2019-1000021HIGHCVSS 7.5EG 7.5✓ Fixed in 1.4.22019-02-04
vulnerable: 1.0 ... 1.4.1 (16 versions)
slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of def…
- CVE-2022-45197HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.32022-12-25
vulnerable: 1.0 ... 1.8.2 (27 versions)
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
Check whether slixmpp is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for slixmpp CVEs against the assets you own.
Start Free Scan →