VulnerableCode Package Details - pkg:pypi/slixmpp@1.2.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-61dw-bszt-7be4 Aliases: CVE-2019-1000021 GHSA-4g62-mfwx-4q48 PYSEC-2019-121	slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2.	1.4.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-get1-2fht-u7bu Aliases: CVE-2022-45197 PYSEC-2022-43013	Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.	1.8.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-61dw-bszt-7be4
Aliases:
CVE-2019-1000021
GHSA-4g62-mfwx-4q48
PYSEC-2019-121

slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2.

1.4.2
Affected by 1 other vulnerability.

VCID-get1-2fht-u7bu
Aliases:
CVE-2022-45197
PYSEC-2022-43013

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

1.8.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4gvs-chkc-juef	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products.	CVE-2017-5591 GHSA-c35g-jr5f-h83p PYSEC-2017-103 PYSEC-2017-104

Vulnerability

Summary

Aliases

VCID-4gvs-chkc-juef

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products.

CVE-2017-5591
GHSA-c35g-jr5f-h83p
PYSEC-2017-103
PYSEC-2017-104

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:43:02.441663+00:00	GitLab Importer	Fixing	VCID-4gvs-chkc-juef	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/slixmpp/CVE-2017-5591.yml	38.6.0
2026-06-02T04:18:10.241261+00:00	Pypa Importer	Affected by	VCID-get1-2fht-u7bu	https://github.com/pypa/advisory-database/blob/main/vulns/slixmpp/PYSEC-2022-43013.yaml	38.6.0
2026-06-02T04:05:31.347269+00:00	Pypa Importer	Affected by	VCID-61dw-bszt-7be4	https://github.com/pypa/advisory-database/blob/main/vulns/slixmpp/PYSEC-2019-121.yaml	38.6.0
2026-06-02T04:04:30.159525+00:00	Pypa Importer	Fixing	VCID-4gvs-chkc-juef	https://github.com/pypa/advisory-database/blob/main/vulns/slixmpp/PYSEC-2017-104.yaml	38.6.0