CVE-2015-20107

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-20107

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-20107.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-20107

Aliases

PSF-2022-1

Downstream

ALPINE-CVE-2015-20107

DEBIAN-CVE-2015-20107

DLA-3432-1

DLA-3477-1

DLA-3980-1

OESA-2022-1653

RHSA-2022:6457

RHSA-2022:6766

RHSA-2022:7581

RHSA-2022:7592

RHSA-2022:7593

RHSA-2022:8353

SUSE-SU-2022:2147-1

SUSE-SU-2022:2166-1

SUSE-SU-2022:2174-1

SUSE-SU-2022:2248-1

SUSE-SU-2022:2249-1

SUSE-SU-2022:2291-1

SUSE-SU-2022:2344-1

SUSE-SU-2022:2351-1

SUSE-SU-2022:2357-1

SUSE-SU-2022:2357-2

SUSE-SU-2023:0707-1

SUSE-SU-2023:0748-1

UBUNTU-CVE-2015-20107

USN-5519-1

USN-5888-1

USN-6891-1

openSUSE-SU-2024:12143-1

openSUSE-SU-2024:12150-1

openSUSE-SU-2024:12152-1

Related

Published

2022-04-13T16:15:08Z

Modified

2025-08-09T19:01:29Z

Severity

7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L CVSS Calculator

Summary

[none]

Details

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

References

Affected packages