CVE-2015-20107

Name: CVE-2015-20107

Description: In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).

NVD Severity: high

References

| Type | URI |
|------|-----|
| MISC | https://github.com/python/cpython/issues/68966 |
| MISC | https://bugs.python.org/issue24778 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:a:python:python:*:*:*:*:*:*:*:* | python | >= None | <= 3.10.4 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|----------------|--------|---------|------------|--------|