Arbitrary Code Injection The advisory has been revoked - it doesn't affect any version of package mailman (opens in a new tab)

Threat Intelligence

0.12% (48^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-UBUNTU1910-MAILMAN-583075
published6 May 2020
disclosed6 May 2020

Report a new vulnerability Found a mistake?

Introduced: 6 May 2020

CVE-2020-12108 (opens in a new tab) CWE-74 (opens in a new tab)

Amendment

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:19.10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream mailman package and not the mailman package as distributed by Ubuntu.

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

References

http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-12108
https://bugs.launchpad.net/mailman/+bug/1873722
https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html
https://security-tracker.debian.org/tracker/CVE-2020-12108
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/
https://code.launchpad.net/mailman
https://mail.python.org/pipermail/mailman-announce/
https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html
https://usn.ubuntu.com/4354-1/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/
https://www.debian.org/security/2021/dsa-4991