Headline
CVE-2021-42096: Mailman 3 Mailman 2.1 security release - Mailman-announce - python.org
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.