This page aggregates publicly disclosed CVE and security risk information related to droppy_project, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS(%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-7757 | This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droppy server. | [email protected] | 6.5 | 1.55% | 2020-11-02 | 2026-06-16 |
| CVE-2016-10529 | Droppy versions <3.5.0 do not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests in the context of the currently logged in user. For example, this means the malicious user could add a new admin account under his control and delete others. | [email protected] | 8.8 | 0.49% | 2018-05-31 | 2026-06-16 |