CVE - CVE-2015-20107

CVE-ID
CVE-2015-20107	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html CONFIRM:https://security.netapp.com/advisory/ntap-20220616-0001/ FEDORA:FEDORA-2022-0be85556b4 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/ FEDORA:FEDORA-2022-1358cedf2d URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/ FEDORA:FEDORA-2022-17a1bb7e78 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/ FEDORA:FEDORA-2022-20e87fb0d1 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/ FEDORA:FEDORA-2022-2e1d1205cf URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/ FEDORA:FEDORA-2022-4a69d20cf4 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/ FEDORA:FEDORA-2022-4b0dfda810 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/ FEDORA:FEDORA-2022-4c788bdc40 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/ FEDORA:FEDORA-2022-5ad25e3d3c URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/ FEDORA:FEDORA-2022-5ea8aa7518 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/ FEDORA:FEDORA-2022-79843dfb3c URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/ FEDORA:FEDORA-2022-9cd41b6709 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/ FEDORA:FEDORA-2022-9da5703d22 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/ FEDORA:FEDORA-2022-9dd70781cb URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/ FEDORA:FEDORA-2022-a8e50dc83e URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/ FEDORA:FEDORA-2022-b499f2a9c6 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/ FEDORA:FEDORA-2022-ce55d01569 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/ FEDORA:FEDORA-2022-cece1d07d9 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/ FEDORA:FEDORA-2022-d157a91e10 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/ FEDORA:FEDORA-2022-d1682fef04 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/ FEDORA:FEDORA-2022-dbe9a8f9ac URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/ FEDORA:FEDORA-2022-ec74ac4079 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/ GENTOO:GLSA-202305-02 URL:https://security.gentoo.org/glsa/202305-02 MISC:https://bugs.python.org/issue24778 MISC:https://github.com/python/cpython/issues/68966 MLIST:[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html MLIST:[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
Assigning CNA
MITRE Corporation
Date Record Created
20220413	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20220413)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)