prosody is vulnerable to information disclosure. A remote attacker is able to obtain confidential information such as the list of admins, users, and banned entities of a multi-user chat room in common configurations.
www.openwall.com/lists/oss-security/2021/07/28/4
lists.fedoraproject.org/archives/list/[email protected]/message/7BZRRPCNOETB4MN4XSYPRBBKDIHO27DY/
lists.fedoraproject.org/archives/list/[email protected]/message/EMKIOEP2CYWHVVUCNWISPE4AGH4IR7O2/
prosody.im/
prosody.im/security/advisory_20210722/
security-tracker.debian.org/tracker/CVE-2021-37601