Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via …/…./// sequences, which are not properly cleansed by regular expressions that are intended to remove ../ and ./ sequences.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mailman | Gnu | 2.1 (including) | 2.1 (including) |
Mailman | Gnu | 2.1.1 (including) | 2.1.1 (including) |
Mailman | Gnu | 2.1.2 (including) | 2.1.2 (including) |
Mailman | Gnu | 2.1.3 (including) | 2.1.3 (including) |
Mailman | Gnu | 2.1.4 (including) | 2.1.4 (including) |
Mailman | Gnu | 2.1.5 (including) | 2.1.5 (including) |
Mailman | Gnu | 2.1b1 (including) | 2.1b1 (including) |