
CVE-2020-12137

Published: 24 Apr 2020
Source: ubuntu
Priority: medium
CVSS2: 4.3
CVSS3: 6.1

Description

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

| Release | Status | Note |
| --- | --- | --- |
| bionic | released | 1:2.1.26-1ubuntu0.1 |
| devel | DNE | |
| eoan | ignored | end of life |
| esm-apps/focal | released | 1:2.1.29-1ubuntu3.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 1:2.1.26-1ubuntu0.1 |
| esm-infra/xenial | released | 1:2.1.20-1ubuntu0.4 |
| focal | released | 1:2.1.29-1ubuntu3.1 |
| groovy | DNE | |
| hirsute | DNE | |


Related vulnerabilities

CVSS3: 6.1
redhat
almost 6 years ago

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

CVSS3: 6.1
nvd
almost 6 years ago

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

CVSS3: 6.1
debian
almost 6 years ago

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...

suse-cvrf
almost 6 years ago

Security update for mailman

CVSS3: 6.1
github
more than 3 years ago

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.
