CVE-2020-12108

nvd nist

Published: May 6, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

Affected (10)

Products: Gnu: Mailman · Debian: Debian Linux · Fedoraproject: Fedora · +2 more

Show all products

Gnu: Mailman · Debian: Debian Linux · Fedoraproject: Fedora · Opensuse: Backports Sle, Leap · Canonical: Ubuntu Linux

1 product

1 product

1 product

2 products

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Mailman	Before 2.1.31

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Opensuse Backports Sle	Version 15.0 sp1
Opensuse Backports Sle	Version 15.0 sp2
Opensuse Leap	Version 15.1
Opensuse Leap	Version 15.2

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Related CWEs

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (24)

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.launchpad.net/mailman/+bug/1873722

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://code.launchpad.net/mailman

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/

Source: cve@mitre.org

https://mail.python.org/pipermail/mailman-announce/

Source: cve@mitre.org

Release NotesThird Party Advisory

https://usn.ubuntu.com/4354-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2021/dsa-4991

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html