CVE-2015-2775
published 2015-04-13CVE-2015-2775: Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot…
high7.6CVSS 3.1
AVNACHAuNCCICAC
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| gnu | mailman | <= 2.1.19 | — |
| gnu | mailman | >= 0 < 1:2.1.16-2ubuntu0.1 | 1:2.1.16-2ubuntu0.1 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd7.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
osv7.6HIGH