Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.02731
Percentile: 0.85343

CVSS Scoring

Affected Products

• cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*

← Back to Home