Description
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
Remediation
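Why the cleansing fails and what a containment check looks like, as an added example that is not Mailman's own code: `strip_once` is a simplified model of a filter that removes "../" and "./" in one pass each, and `safe_join`, `is_confined` and the `BASE` directory are hypothetical names chosen for illustration.

```python
import os
import re

BASE = '/var/lib/archives/private'  # hypothetical archive root (assumption)


def strip_once(path):
    """Simplified model of the flawed filter: one pass per pattern.

    Removing a match can splice the surrounding characters into a new
    "../" that the filter never looks at again.
    """
    path = re.sub(r'\.\./', '', path)  # ".../....///" -> "...//"
    path = re.sub(r'\./', '', path)    # "...//"       -> "../"
    return path


def safe_join(base, user_path):
    """Resolve user_path under base and reject anything that escapes it.

    No string cleansing: the path is resolved first, then the result is
    compared against the base directory.
    """
    base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip('/')))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError('path escapes base directory: %r' % user_path)
    return candidate


def is_confined(base, user_path):
    """True when user_path resolves to a location inside base."""
    try:
        safe_join(base, user_path)
        return True
    except ValueError:
        return False


if __name__ == '__main__':
    # Constructed inputs: the sequence from the description and a normal path.
    for sample in ('.../....///', 'list/2005-January/000001.html'):
        cleaned = strip_once(sample)
        print('%-32r filter -> %-32r confined after filter: %s'
              % (sample, cleaned, is_confined(BASE, cleaned)))
```

Passed to `safe_join` unfiltered, the same sequence stays inside the base directory, because "..." and "...." are ordinary file names; only the filter's own output turns it into a parent-directory reference.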