cvelist/2015/20xxx/CVE-2015-20107.json

{
    "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-20107",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "n/a",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "n/a"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "url": "https://bugs.python.org/issue24778",
                "refsource": "MISC",
                "name": "https://bugs.python.org/issue24778"
            },
            {
                "url": "https://github.com/python/cpython/issues/68966",
                "refsource": "MISC",
                "name": "https://github.com/python/cpython/issues/68966"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://security.netapp.com/advisory/ntap-20220616-0001/",
                "url": "https://security.netapp.com/advisory/ntap-20220616-0001/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-5ad25e3d3c",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-cece1d07d9",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-2e1d1205cf",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-4b0dfda810",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-1358cedf2d",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-0be85556b4",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-a8e50dc83e",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-4c788bdc40",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-9da5703d22",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-4a69d20cf4",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-5ea8aa7518",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-ec74ac4079",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-17a1bb7e78",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-dbe9a8f9ac",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-9dd70781cb",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-20e87fb0d1",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-9cd41b6709",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-d157a91e10",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-ce55d01569",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-b499f2a9c6",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-d1682fef04",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-79843dfb3c",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html",
                "url": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html"
            },
            {
                "refsource": "GENTOO",
                "name": "GLSA-202305-02",
                "url": "https://security.gentoo.org/glsa/202305-02"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
                "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
                "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
            }
        ]
    }
}
"-Synchronized-Data." 2022-04-13 16:01:46 +00:00			`{`
			`"CVE_data_meta": {`
			`"ASSIGNER": "cve@mitre.org",`
			`"ID": "CVE-2015-20107",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "n/a",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "n/a"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-11-21 17:00:36 +00:00			`"value": "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9"`
"-Synchronized-Data." 2022-04-13 16:01:46 +00:00			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://bugs.python.org/issue24778",`
			`"refsource": "MISC",`
			`"name": "https://bugs.python.org/issue24778"`
			`},`
			`{`
			`"url": "https://github.com/python/cpython/issues/68966",`
			`"refsource": "MISC",`
			`"name": "https://github.com/python/cpython/issues/68966"`
"-Synchronized-Data." 2022-06-16 15:01:39 +00:00			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://security.netapp.com/advisory/ntap-20220616-0001/",`
			`"url": "https://security.netapp.com/advisory/ntap-20220616-0001/"`
"-Synchronized-Data." 2022-06-19 03:01:38 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-5ad25e3d3c",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-cece1d07d9",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-2e1d1205cf",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-4b0dfda810",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-1358cedf2d",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-0be85556b4",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-a8e50dc83e",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-4c788bdc40",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/"`
"-Synchronized-Data." 2022-06-20 04:01:46 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-9da5703d22",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-4a69d20cf4",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/"`
"-Synchronized-Data." 2022-06-21 03:01:32 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-5ea8aa7518",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/"`
"-Synchronized-Data." 2022-06-26 03:00:49 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-ec74ac4079",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/"`
"-Synchronized-Data." 2022-07-08 04:00:48 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-17a1bb7e78",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-dbe9a8f9ac",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-9dd70781cb",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-20e87fb0d1",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-9cd41b6709",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-d157a91e10",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-ce55d01569",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-b499f2a9c6",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/"`
"-Synchronized-Data." 2022-11-09 14:00:35 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-d1682fef04",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"`
"-Synchronized-Data." 2022-11-14 15:00:34 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-79843dfb3c",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"`
"-Synchronized-Data." 2022-11-21 17:00:36 +00:00			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html",`
			`"url": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html"`
"-Synchronized-Data." 2023-05-03 11:00:35 +00:00			`},`
			`{`
			`"refsource": "GENTOO",`
			`"name": "GLSA-202305-02",`
			`"url": "https://security.gentoo.org/glsa/202305-02"`
"-Synchronized-Data." 2023-05-24 21:00:37 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",`
			`"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"`
"-Synchronized-Data." 2023-06-30 23:00:39 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",`
			`"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"`
"-Synchronized-Data." 2022-04-13 16:01:46 +00:00			`}`
			`]`
			`}`
			`}`