PT-2020-13039 · Gnu+7 · Gnu Mailman+7

Mark Sapiro

Published

2020-05-06

Updated

2021-12-02

CVE-2020-12108

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions GNU Mailman versions prior to 2.1.31

Description The issue allows for Arbitrary Content Injection through the /options/mailman endpoint.

Recommendations For GNU Mailman versions prior to 2.1.31, update to version 2.1.31 or later to resolve the issue.

Exploit

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

ALT-PU-2020-2129

ALT-PU-2021-2036

ALT-PU-2021-2340

CESA-2021_1751

CVE-2020-12108

DLA-2204-1

DLA-2276-1

DSA-4991-1

MGASA-2020-0276

OESA-2021-1405

OPENSUSE-SU-2020:0661-1

OPENSUSE-SU-2020:0764-1

OPENSUSE-SU-2020:1707-1

OPENSUSE-SU-2020:1752-1

OPENSUSE-SU-2020_0661-1

OPENSUSE-SU-2020_1707-1

RHSA-2021:1751

RHSA-2021_1751

RLSA-2021:1751

SUSE-SU-2020:1301-1

SUSE-SU-2020_1301-1

USN-4354-1

USN-5121-2

Affected Products

Alt Linux

Centos

Gnu Mailman

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2020-13039 · Gnu+7 · Gnu Mailman+7

CVE-2020-12108

Weakness Enumeration

Related Identifiers

Affected Products

References · 64