Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via “.../....///” sequences, which are not properly cleansed by regular expressions that are intended to remove “../” and “./” sequences.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 10 | all | mailman | < 2.1.5-6 | mailman_2.1.5-6_all.deb |
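
The cleansing flaw described above, shown beside a component-based check. This is an added example, not Mailman's code: the function names and the `BASE` directory are assumptions, and `strip_once` is a reconstruction of the single-pass removal the description refers to.

```python
import os
import re

BASE = "/srv/archive"  # constructed base directory, not a real Mailman path


def strip_once(path):
    """Flawed approach: one non-recursive pass per pattern.

    Deleting a match can splice the surrounding characters into a new
    "../" that neither pass looks at again.
    """
    path = re.sub(r"\.\./", "", path)  # intended to remove "../"
    path = re.sub(r"\./", "", path)    # intended to remove "./"
    return path


def filter_components(path):
    """Hardened approach: judge whole path components, never substrings."""
    return "/".join(p for p in path.split("/") if p not in ("", ".", ".."))


def is_contained(base, candidate):
    """True if candidate, once resolved, is base itself or lies under it."""
    base = os.path.realpath(base)
    target = os.path.realpath(candidate)
    return os.path.commonpath([base, target]) == base


def resolve_under(base, user_path):
    """Return the resolved path for user_path, or None if it leaves base."""
    candidate = os.path.join(base, filter_components(user_path))
    # The containment check is kept as a second layer (for example, symlinks).
    return os.path.realpath(candidate) if is_contained(base, candidate) else None


if __name__ == "__main__":
    sample = ".../....///"  # the sequence quoted in the description
    print(repr(strip_once(sample)))         # what the single pass leaves behind
    print(repr(filter_components(sample)))  # literal names, no parent reference
    print(is_contained(BASE, os.path.join(BASE, strip_once(sample) + "x")))
    print(resolve_under(BASE, sample + "x"))
```

After component filtering, "..." and "...." survive only as ordinary directory names, so the resolved path cannot climb above the base directory.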