Note:
This project will be discontinued after December 13, 2021. [more]
2018-10-25
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.
| Products | Prayer |
| Type | Information Exposure (CWE-200) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://bugs.debian.org/911842
• https://telescoper.wordpress.com/2018/10/18/a-breakthrough-for-a-bigot/#comment-339386 |