CVE-2021-20247 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Directory traversal
Description	A security issue was found in isync/mbsync before versions 1.3.5 and 1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur, allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1598	isync	1.3.3-1	1.3.5-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
27 Feb 2021	ASA-202102-38	AVG-1598	isync	High	directory traversal

References
https://www.openwall.com/lists/oss-security/2021/02/22/1 https://sourceforge.net/p/isync/isync/ci/fe5d59f8e3169944e57eb1c60155c9ebd4912d48/