getmail versions 3.2.5 and version 4 releases prior to 4.2.0 suffer from a symbolic link vulnerability that allows for privilege escalation.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/34431/getmailroot.txt
Source: https://packetstormsecurity.com/files/34431/getmailroot.txt.html