Workflow

PyPi: Mailman

CVE-2015-2775

Safety vulnerability ID: 25881

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 13, 2015 Updated at Dec 05, 2024
Scan your Python projects for vulnerabilities →

Advisory

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

Affected package

mailman

Latest version: 3.3.10

Mailman -- the GNU mailing list manager

Affected versions

Fixed versions

Vulnerability changelog

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.6

CVSS v2 Details

HIGH 7.6
Access Vector (AV)
NETWORK
Access Complexity (AC)
HIGH
Authentication (Au)
NONE
Confidentiality Impact (C)
COMPLETE
Integrity Impact (I)
COMPLETE
Availability Impact (A)
COMPLETE