Latest etherpad etherpad Vulnerabilities

CVE-2021-43802
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Eth...
Etherpad Etherpad<1.8.16
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
Etherpad Etherpad=1.8.13
CVE-2020-22783
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.
Etherpad Etherpad<1.8.3
CVE-2020-22782
Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance.
Etherpad Etherpad<1.8.3
CVE-2020-22781
In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).
Etherpad Etherpad<1.8.3
CVE-2020-22785
Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rat...
Etherpad Etherpad<1.8.3
CVE-2015-3309
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot...
Etherpad Etherpad>=1.1.2<=1.5.4
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
Etherpad Etherpad=1.7.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203