MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Mldonkey |
Mldonkey |
* |
2.8.7 (including) |
References