Lua · Lua · CVE-2021-32921
**Name of the Vulnerable Software and Affected Versions**
Prosody versions prior to 0.11.9
**Description**
An issue in Prosody allows an attacker to potentially reveal the contents of secret strings through a timing attack. This is due to the use of a non-constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. The vulnerability can be exploited by a remote attacker to gain access to confidential data.
**Recommendations**
For versions prior to 0.11.9, update to version 0.11.9 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update can be applied.