Droppy Project

droppy_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Droppy

droppy

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7757 1Droppy Project 1Droppy Jun 17, 2026 Nov 2, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server.
CVE-2016-10529 1Droppy Project 1Droppy Nov 21, 2024 May 31, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. Fo...Show more Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2020-7757

1Droppy Project

1Droppy

Jun 17, 2026

Nov 2, 2020

N/A· v4

6.5 MEDIUM· v3

4.0 MEDIUM· v2

This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server.

CVE-2016-10529

1Droppy Project

1Droppy

Nov 21, 2024

May 31, 2018

N/A· v4

8.8 HIGH· v3

6.8 MEDIUM· v2

Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.Show less