Description
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.
Remediation
References
Related Vulnerabilities
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-1921)
ownCloud Improper Access Control Vulnerability (CVE-2016-9468)
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8114)
WordPress Plugin WPeMatico RSS Feed Fetcher Cross-Site Scripting (2.3.7)
WordPress Plugin Occasions Cross-Site Request Forgery (1.0.4)