CVE-2021-20247 log

Severity High
Remote Yes
Type Directory traversal
A security issue was found in isync/mbsync before versions 1.3.5 and 1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur, allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel.
Group Package Affected Fixed Severity Status Ticket
AVG-1598 isync 1.3.3-1 1.3.5-1 High Fixed
Date Advisory Group Package Severity Type
27 Feb 2021 ASA-202102-38 AVG-1598 isync High directory traversal