CVE-2018-13796
mailman: Mishandled URLs in Utils.py:GetPathPieces() allow attackers to display arbitrary text on trusted sites
Public Exploits: 0
Exploited in Wild: -
Decision: -
Descriptions
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
A problem has been discovered in GNU Mailman in versions prior to 2.1.28. A crafted URL could cause arbitrary text to be displayed on a web page of a trusted site.
It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary scripts or HTML. It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. It was discovered that Mailman incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2018-07-10 CVE Reserved
- 2018-07-12 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://bugs.launchpad.net/mailman/+bug/1780874 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html | Mailing List | |
https://www.mail-archive.com/mailman-users%40python.org/msg71003.html | Mailing List | |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/201904-10 | 2023-11-07 | |
https://usn.ubuntu.com/4348-1 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2018-13796 | 2020-03-31 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1609090 | 2020-03-31 | |