{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-20107", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "url": "https://bugs.python.org/issue24778", "refsource": "MISC", "name": "https://bugs.python.org/issue24778" }, { "url": "https://github.com/python/cpython/issues/68966", "refsource": "MISC", "name": "https://github.com/python/cpython/issues/68966" }, { "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220616-0001/", "url": "https://security.netapp.com/advisory/ntap-20220616-0001/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-5ad25e3d3c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-cece1d07d9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-2e1d1205cf", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-4b0dfda810", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-1358cedf2d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-0be85556b4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-a8e50dc83e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-4c788bdc40", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-9da5703d22", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-4a69d20cf4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-5ea8aa7518", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-ec74ac4079", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-17a1bb7e78", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-dbe9a8f9ac", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-9dd70781cb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-20e87fb0d1", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-9cd41b6709", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-d157a91e10", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-ce55d01569", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-b499f2a9c6", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-d1682fef04", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-79843dfb3c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/" }, { "refsource": "CONFIRM", "name": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html", "url": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html" }, { "refsource": "GENTOO", "name": "GLSA-202305-02", "url": "https://security.gentoo.org/glsa/202305-02" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html" } ] } }