Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-20107

Опубликовано: 13 апр. 2022
Источник: debian
EPSS Низкий

Описание

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python3.10fixed3.10.6-1package
python3.9removedpackage
python3.7removedpackage
python3.5removedpackage
python3.5no-dsastretchpackage
python2.7unfixedpackage
python2.7ignoredbullseyepackage
python2.7no-dsastretchpackage

Примечания

  • https://bugs.python.org/issue24778

  • https://github.com/python/cpython/issues/68966

  • https://github.com/python/cpython/pull/91993

EPSS

Процентиль: 78%
0.01218
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-20107

CVSS3: 7.6
ubuntu
около 3 лет назад

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

redhat логотип

CVE-2015-20107

CVSS3: 7.6
redhat
почти 10 лет назад

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

nvd логотип

CVE-2015-20107

CVSS3: 7.6
nvd
около 3 лет назад

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

msrc логотип

CVE-2015-20107

CVSS3: 7.6
msrc
около 3 лет назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2022:2357-1

suse-cvrf
почти 3 года назад

Security update for python3

EPSS

Процентиль: 78%
0.01218
Низкий