Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Pony Mail 安全漏洞
Vulnerability Description
Apache Pony Mail是美国阿帕奇(Apache)软件基金会的一款具有邮件归档、查看和交互功能的插件。 Apache Pony Mail 0.7版本至0.9版本中的statistics generator存在安全漏洞,该漏洞源于statistics generator没有进行适当的授权检查就返回时间戳数据。攻击者可利用该漏洞获取私人列表中邮件主题或文本主体的时序信息。
CVSS Information
N/A
Vulnerability Type
N/A