CVE-2017-5658

Name of the Vulnerable Software and Affected Versions: Apache Pony Mail versions 0.7 through 0.9

Description: The statistics generator in Apache Pony Mail was found to be returning timestamp data without proper authorization checks, potentially leading to derived information disclosure on private lists about the timing of specific email subjects or text bodies. This issue was primarily related to a caching feature used for faster loading times, which was disabled by default to prevent this.

Recommendations: For Apache Pony Mail versions 0.7 through 0.9, upgrade to version 0.10 to address this issue.