CVE-2018-13796: Input Validation

Reference Links

• https://bugs.launchpad.net/mailman/+bug/1780874
• https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html
• https://security.gentoo.org/glsa/201904-10
• https://usn.ubuntu.com/4348-1/
• https://www.mail-archive.com/mailman-users@python.org/msg71003.html
• https://launchpad.net/bugs/cve/CVE-2018-13796
• https://www.mail-archive.com/mailman-users%40python.org/msg71003.html
• https://mail.python.org/pipermail/mailman-users/2018-July/083536.html
• https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1796
• https://bugs.launchpad.net/mailman/+bug/1783417
• https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1798
• https://security-tracker.debian.org/tracker/CVE-2018-13796
• https://ubuntu.com/security/notices/USN-4348-1
• https://www.cve.org/CVERecord?id=CVE-2018-13796
• https://nvd.nist.gov/vuln/detail/CVE-2018-13796
• https://ubuntu.com/security/CVE-2018-13796

Parent vulnerabilities

(Appears in the following advisories)

• USN-4348-1

Frequently Asked Questions

• What is the vulnerability ID of this issue?

  The vulnerability ID of this issue is CVE-2018-13796.

• What is the severity level of CVE-2018-13796?

  The severity level of CVE-2018-13796 is medium.

• What is the affected software version range for CVE-2018-13796?

  The affected software version range for CVE-2018-13796 is from GNU Mailman before 2.1.28.

• How can a crafted URL exploit CVE-2018-13796?

  A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site, exploiting CVE-2018-13796.

• Where can I find more information about CVE-2018-13796?

  More information about CVE-2018-13796 can be found at the following references: [link1] [link2] [link3].