Security Advisories
CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.