Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
2015-04-13T14:59:02.397
2025-04-12T10:46:40.837
Deferred
CVSSv2: 7.6 (HIGH)
AV:N/AC:H/Au:N/C:C/I:C/A:C
4.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.10 | Yes |
| Operating System | debian | debian_linux | 7.0 | Yes |
| Operating System | redhat | enterprise_linux | 7.0 | Yes |
| Application | gnu | mailman | ≤ 2.1.19 | Yes |