FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mailpit -- Performance information disclosure

Affected packages
mailpit < 1.27.10

Details

VuXML ID 0b5145e9-a500-11f0-a136-10ffe07f9334
Discovery 2025-10-09
Entry 2025-10-09

Ralph Slooten (Mailpit developer) reports:

An HTTP endpoint was found which exposed expvar runtime information (memory usage, goroutine counts, GC behavior, uptime and potential runtime flags) due to the Prometheus client library dependency.

[source]

References

URL https://github.com/axllent/mailpit/releases/tag/v1.27.10

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.