Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and previous versions allows remote malicious users to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu mailman 2.1.4 |
||
gnu mailman 2.1.5 |
||
gnu mailman 2.1b1 |
||
gnu mailman 2.1.2 |
||
gnu mailman 2.1.3 |
||
gnu mailman 2.1 |
||
gnu mailman 2.1.1 |