CVE-2020-12137 vulnerability in GNU and Other Products
Published on April 24, 2020

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2020-12137

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-12137 are published in these products:

GNU Mailman

Debian Linux

Canonical Ubuntu Linux

Fedora Project Fedora

OpenSuse Leap

OpenSuse Backports Sle

Exploit Probability

EPSS

5.22%

Percentile

89.79%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-12137 vulnerability in GNU and Other ProductsPublished on April 24, 2020

Products Associated with CVE-2020-12137

Exploit Probability

CVE-2020-12137 vulnerability in GNU and Other Products
Published on April 24, 2020