Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-20107

Опубликовано: 13 апр. 2022
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 8
CVSS3: 7.6

Описание

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

РелизСтатусПримечание
bionic

released

2.7.17-1~18.04ubuntu1.8
devel

DNE

esm-apps/focal

released

2.7.18-1~20.04.3
esm-apps/jammy

released

2.7.18-13ubuntu1.1
esm-infra-legacy/trusty

not-affected

2.7.6-8ubuntu0.6+esm11
esm-infra/bionic

not-affected

2.7.17-1~18.04ubuntu1.8
esm-infra/xenial

released

2.7.12-1ubuntu0~16.04.18+esm2
focal

released

2.7.18-1~20.04.3
impish

released

2.7.18-8ubuntu0.2
jammy

released

2.7.18-13ubuntu1.1

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra/focal

DNE

focal

DNE

impish

ignored

end of life
jammy

released

3.10.4-3ubuntu0.1
kinetic

not-affected

3.10.6-1
lunar

DNE

mantic

DNE

noble

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

3.4.3-1ubuntu1~14.04.7+esm13
esm-infra/focal

DNE

focal

DNE

impish

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

3.5.2-2ubuntu0~16.04.4~14.04.1+esm1
esm-infra/focal

DNE

esm-infra/xenial

released

3.5.2-2ubuntu0~16.04.13+esm3
focal

DNE

impish

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

Показывать по

РелизСтатусПримечание
bionic

released

3.6.9-1~18.04ubuntu1.8
devel

DNE

esm-infra/bionic

not-affected

3.6.9-1~18.04ubuntu1.8
esm-infra/focal

DNE

focal

DNE

impish

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

DNE

esm-apps/bionic

released

3.7.5-2ubuntu1~18.04.2+esm3
esm-infra/focal

DNE

focal

DNE

impish

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

DNE

esm-apps/bionic

released

3.8.0-3ubuntu1~18.04.2+esm2
esm-infra/focal

not-affected

3.8.10-0ubuntu1~20.04.5
focal

released

3.8.10-0ubuntu1~20.04.5
impish

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/focal

released

3.9.5-3ubuntu0~20.04.1+esm1
focal

ignored

end of standard support, was needed
impish

released

3.9.7-2ubuntu0.1
jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

noble

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 78%
0.01218
Низкий

8 High

CVSS2

7.6 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2015-20107

CVSS3: 7.6
redhat
почти 10 лет назад

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

nvd логотип

CVE-2015-20107

CVSS3: 7.6
nvd
около 3 лет назад

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

msrc логотип

CVE-2015-20107

CVSS3: 7.6
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2015-20107

CVSS3: 7.6
debian
около 3 лет назад

In Python (aka CPython) up to 3.10.8, the mailcap module does not add ...

suse-cvrf логотип

SUSE-SU-2022:2357-1

suse-cvrf
почти 3 года назад

Security update for python3

EPSS

Процентиль: 78%
0.01218
Низкий

8 High

CVSS2

7.6 High

CVSS3

Уязвимость CVE-2015-20107