Kevin Israel

**Name of the Vulnerable Software and Affected Versions** GNU Mailman Postorius versions prior to 1.3.5 **Description** An issue was discovered in `views/list.py` in GNU Mailman Postorius. An attacker, logged into any account, can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place. **Recommendations** For versions prior to 1.3.5, update to version 1.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `views/list.py` module to minimize the risk of exploitation. Avoid using the vulnerable functionality in `views/list.py` until the issue is resolved.