CVE-2021-20247
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-20247
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sourceforge mbsync 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sourceforge mbsync是美国Sourceforge社区的一个应用软件。提供同步远程IMAP邮箱和本地maildir样式的邮箱 mbsync v1.3.5 版本之前和 v1.4.1 版本之前存在路径遍历漏洞,该漏洞源于允许恶意或受攻击的服务器使用特殊制作的邮箱名。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | isync/mbsync | before 1.35 | - |
II. Public POCs for CVE-2021-20247
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-20247
请登录查看更多情报信息。
Vendor Advisories for CVE-2021-20247 (1)
- https://bugzilla.redhat.com/show_bug.cgi?id=1928963x_refsource_MISC
Mailing List Discussions for CVE-2021-20247 (4)
- https://www.openwall.com/lists/oss-security/2021/02/22/1x_refsource_MISC
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAXQLCK35QGRCRENRTGKJO4VVZGUXUJJ/vendor-advisoryx_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVDEBZQJMWDW5JFK4NTHH6DAFNAZTESW/vendor-advisoryx_refsource_FEDORA
Same Patch Batch · n/a · 2021-02-23 · 56 CVEs total
| CVE-2020-28429 | 7.3 HIGH | Command Injection |
| CVE-2020-28587 | SoftMaker Office PlanMaker 缓冲区错误漏洞 | |
| CVE-2021-3405 | Matroska libebml 缓冲区错误漏洞 | |
| CVE-2021-3410 | libcaca 输入验证错误漏洞 | |
| CVE-2021-3407 | artifex mupdf 资源管理错误漏洞 | |
| CVE-2021-20182 | Red Hat openshift4/ose-docker-builder 安全漏洞 | |
| CVE-2021-20252 | Red Hat scale API Management Platform 输入验证错误漏洞 | |
| CVE-2020-27782 | Red Hat Undertow 资源管理错误漏洞 | |
| CVE-2020-8297 | Nextcloud Deck 安全漏洞 | |
| CVE-2021-22882 | UniFi Protect 资源管理错误漏洞 | |
| CVE-2021-22112 | Vmware VMware Spring Security 权限许可和访问控制问题漏洞 | |
| CVE-2020-7120 | Aruba ClearPass Policy Manager 安全漏洞 | |
| CVE-2021-26677 | Aruba ClearPass Policy Manager 安全漏洞 | |
| CVE-2021-26679 | Aruba ClearPass Policy Manager 命令注入漏洞 | |
| CVE-2021-26680 | Aruba ClearPass Policy Manager 命令注入漏洞 | |
| CVE-2021-27582 | MITREid Connect 安全漏洞 | |
| CVE-2021-26678 | Aruba ClearPass Policy Manager Prior 跨站脚本漏洞 | |
| CVE-2021-22651 | Luxion KeyShot 路径遍历漏洞 | |
| CVE-2021-20198 | Red Hat OpenShift Container Platform 访问控制错误漏洞 | |
| CVE-2021-26926 | JasPer 缓冲区错误漏洞 |
Showing top 20 of 56 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-9422
KLiK SocialMediaWebsite HTTP POST Request Parameter injectio - CVE-2026-9421
KLiK SocialMediaWebsite File upload.inc.php uniqid unrestric - CVE-2026-9420
KLiK SocialMediaWebsite HTTP GET Request Parameter injection - CVE-2026-9376
JPress UCenter Article Submission Endpoint doWriteSave impro - CVE-2026-9373
JeecgBoot OpenAPI Endpoint call improper authentication
Same weakness: CWE-20
- CVE-2026-26147
Azure Stack HCI Information Disclosure Vulnerability - CVE-2026-40411
Azure Virtual Network Gateway Remote Code Execution Vulnerab - CVE-2026-3294
Authentication Logic Vulnerability on Multiple TP-Link Range - CVE-2026-34207
TypeBot: SSRF Protection Bypass via DNS-Resolved Hostnames i - CVE-2026-44417
Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS
V. Comments for CVE-2021-20247
No comments yet