{"id":"CVE-2020-18985","details":"An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing.","modified":"2026-04-10T04:24:02.559422Z","published":"2021-12-15T23:15:08.740Z","references":[{"type":"REPORT","url":"https://github.com/buxu/bug/issues/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zimbra/zm-build","events":[{"introduced":"0"},{"last_affected":"a3f5dae50fd9c34d9802c5fb2783dd130a600eff"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.8.12-NA"}]}}],"versions":["8.7.10","8.7.11","8.7.6","8.7.7","8.7.9","8.8.0.beta1","8.8.10","8.8.12","8.8.2","8.8.3","8.8.4","8.8.6","8.8.7","8.8.8","8.8.9","8.8.9.p1","8.8.9.p3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-18985.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}