Firudin Davudzada

**Name of the Vulnerable Software and Affected Versions** GNU Mailman version 2.1.39 **Description** The issue allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. This occurs in certain external archiver configurations. **Recommendations** For GNU Mailman version 2.1.39, consider disabling the processing of email Subject lines that contain shell metacharacters until a patch is available. Restrict access to the email archiver module to minimize the risk of exploitation. Avoid using the email Subject line in the affected configurations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Mailman versions 2.1.39 **Description** The issue allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman, also known as the private archive authentication endpoint, using the `username` parameter. **Recommendations** For GNU Mailman version 2.1.39, as a temporary workaround, consider restricting access to the `/mailman/private/mailman` endpoint until a patch is available. Avoid using the `username` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Mailman version 2.1.39 **Description** GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the "/mailman/create" endpoint. **Recommendations** For GNU Mailman version 2.1.39, consider disabling access to the "/mailman/create" endpoint until a patch is available. Restricting access to this endpoint can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.