CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

Source: CVE-2020-12137
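The condition described above can be checked from the defender's side by looking at how an archive web server answers for scrubbed `.obj` attachments. The following is an added example, not code from Mailman or from the CVE entry; the verdict names, the sample paths and responses, and the reduced list of HTML signatures are assumptions made for illustration.

```python
import re

# Simplified subset of the leading-byte signatures a browser's MIME sniffer
# treats as HTML when no type is supplied (assumption: not the full rule set).
HTML_SIGNATURE = re.compile(
    rb"^\s*<(?:!doctype html|html|head|body|script|iframe|div|table|style|title|!--)[\s>]",
    re.IGNORECASE,
)

def classify(path, headers, body):
    """Classify one archive response for the condition in CVE-2020-12137."""
    hdrs = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if not path.lower().endswith(".obj"):
        return "out-of-scope"        # only scrubbed .obj parts are relevant here
    if hdrs.get("content-type"):
        return "typed"               # server declared a MIME type
    if hdrs.get("x-content-type-options") == "nosniff":
        return "nosniff"             # browser is told not to sniff
    if HTML_SIGNATURE.match(body[:512]):
        return "sniffable-html"      # untyped reply whose body looks like HTML
    return "untyped"                 # untyped reply, body not HTML-like

# Constructed sample responses (hypothetical paths, not from a real archive).
BASE = "/pipermail/example-list/attachments/20200101/"
SAMPLES = [
    (BASE + "0a1b2c3d/attachment.obj", {},
     b"<html><body><script>/* sample */</script></body></html>"),
    (BASE + "1b2c3d4e/attachment.obj", {"Content-Type": "application/octet-stream"},
     b"<html><body>hello</body></html>"),
    (BASE + "2c3d4e5f/attachment.obj", {"X-Content-Type-Options": "nosniff"},
     b"<!DOCTYPE html><title>t</title>"),
    (BASE + "3d4e5f6a/attachment.obj", {}, b"\x89PNG\r\n\x1a\n\x00\x00"),
    (BASE + "4e5f6a7b/attachment.txt", {}, b"<html></html>"),
]

def audit(samples=SAMPLES):
    """Return {path: verdict} for every sample response."""
    return {path: classify(path, headers, body) for path, headers, body in samples}

if __name__ == "__main__":
    for path, verdict in audit().items():
        print(f"{verdict:15} {path}")
```

Responses reported as `sniffable-html` or `untyped` are the ones where the server configuration should be changed to send an explicit `Content-Type` for `.obj` files, a `nosniff` header, or both.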
