Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-40347

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.

Source

Severity Medium

Remote Yes

Type Denial of service

Description

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.

AVG-2375 postorius 1.3.4-2 Medium Vulnerable

https://gitlab.com/mailman/postorius/-/issues/531
https://phabricator.wikimedia.org/T289798
https://gitlab.com/mailman/postorius/-/commit/0de3cdcdad974af76a9e197d2b9a46dfb2303bc8

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect