CVE-2015-20107
python: mailcap: findmatch() function does not sanitize the second argument
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
En Python (también conocido como CPython) hasta la versión 3.10.8, el módulo mailcap no añade caracteres de escape en los comandos descubiertos en el archivo mailcap del sistema. Esto puede permitir a los atacantes inyectar comandos de shell en aplicaciones que llamen a mailcap.findmatch con entradas no confiables (si carecen de validación de los nombres de archivos o argumentos proporcionados por el usuario). La corrección también se ha aplicado a las versiones 3.7, 3.8 y 3.9
A command injection vulnerability was found in the Python mailcap module. The issue occurs due to not adding escape characters into the system mailcap file commands. This flaw allows attackers to inject shell commands into applications that call the mailcap.findmatch function with untrusted input.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-13 CVE Reserved
- 2022-04-13 CVE Published
- 2024-07-05 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (31)
URL | Tag | Source |
---|---|---|
https://github.com/python/cpython/issues/68966 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20220616-0001 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://bugs.python.org/issue24778 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.7.0 <= 3.7.15 Search vendor "Python" for product "Python" and version " >= 3.7.0 <= 3.7.15" | - |
Affected
| ||||||
Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.8.0 <= 3.8.15 Search vendor "Python" for product "Python" and version " >= 3.8.0 <= 3.8.15" | - |
Affected
| ||||||
Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.9.0 <= 3.9.15 Search vendor "Python" for product "Python" and version " >= 3.9.0 <= 3.9.15" | - |
Affected
| ||||||
Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.10.0 < 3.10.8 Search vendor "Python" for product "Python" and version " >= 3.10.0 < 3.10.8" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | windows |
Affected
| ||||||
Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Snapcenter Search vendor "Netapp" for product "Snapcenter" | - | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
|