Lynx Project: >> Lynx >> 2.8.9 Security Vulnerabilities
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
CVSS Score
5.3
EPSS Score
0.029
Published
2021-08-07
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.
CVSS Score
5.3
EPSS Score
0.004
Published
2017-11-17