EPSS Percentile: 31.5%
rdiffweb is vulnerable to information disclosure. The vulnerability exists in the empty() function in dispatch.py, which allows an unauthenticated attacker to view sensitive information due to improper cache control.
github.com/advisories/GHSA-7fqm-jm52-f9vc
github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40
huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d