Total vulnerabilities in the database
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
| Software | From | Fixed in |
|---|---|---|
| gnu / mailman | 2.1.5 | 2.1.5.x |
| gnu / mailman | 2.1.3 | 2.1.3.x |
| gnu / mailman | 2.1.2 | 2.1.2.x |
| gnu / mailman | 2.1 | 2.1.x |
| gnu / mailman | 2.1b1 | 2.1b1.x |
| gnu / mailman | 2.1.1 | 2.1.1.x |
| gnu / mailman | 2.1.4 | 2.1.4.x |