AZL-7195 CVE-2021-29157 affecting package dovecot for versions less than 2.3.20-1
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...