VulnerableCode Package Details - pkg:pypi/radicale@1.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-dw4s-1un9-3qg1 Aliases: CVE-2017-8342 GHSA-rpv4-63g3-9x23 PYSEC-2017-102	Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.	1.1.2 Affected by 0 other vulnerabilities. 2.0.0rc2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-dw4s-1un9-3qg1
Aliases:
CVE-2017-8342
GHSA-rpv4-63g3-9x23
PYSEC-2017-102

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.

1.1.2
Affected by 0 other vulnerabilities.

2.0.0rc2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2awy-8tkx-3fe2	Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".	CVE-2015-8748 GHSA-6w8c-6jrg-qwj2 PYSEC-2016-37
VCID-j4yd-fdnt-vub6	The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.	CVE-2015-8747 PYSEC-2016-36
VCID-unc1-fh32-v3gh	Path Traversal The filesystem storage backend in Radicale on Windows allows remote attackers to read or write to arbitrary files via a crafted path.	CVE-2016-1505

Vulnerability

Summary

Aliases

VCID-2awy-8tkx-3fe2

Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".

CVE-2015-8748
GHSA-6w8c-6jrg-qwj2
PYSEC-2016-37

VCID-j4yd-fdnt-vub6

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.

CVE-2015-8747
PYSEC-2016-36

VCID-unc1-fh32-v3gh

Path Traversal The filesystem storage backend in Radicale on Windows allows remote attackers to read or write to arbitrary files via a crafted path.

CVE-2016-1505

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:43:38.208461+00:00	GitLab Importer	Fixing	VCID-2awy-8tkx-3fe2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Radicale/CVE-2015-8748.yml	38.6.0
2026-06-02T04:36:29.206085+00:00	GitLab Importer	Fixing	VCID-unc1-fh32-v3gh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Radicale/CVE-2016-1505.yml	38.6.0
2026-06-02T04:04:38.805186+00:00	Pypa Importer	Affected by	VCID-dw4s-1un9-3qg1	https://github.com/pypa/advisory-database/blob/main/vulns/radicale/PYSEC-2017-102.yaml	38.6.0
2026-06-02T04:04:08.912153+00:00	Pypa Importer	Fixing	VCID-j4yd-fdnt-vub6	https://github.com/pypa/advisory-database/blob/main/vulns/radicale/PYSEC-2016-36.yaml	38.6.0
2026-06-02T04:04:08.796264+00:00	Pypa Importer	Fixing	VCID-2awy-8tkx-3fe2	https://github.com/pypa/advisory-database/blob/main/vulns/radicale/PYSEC-2016-37.yaml	38.6.0