CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
COMPLETE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:C/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
EPSS
Percentile
55.8%
In Python (aka CPython) up to 3.10.8, the mailcap module does not add
escape characters into commands discovered in the system mailcap file. This
may allow attackers to inject shell commands into applications that call
mailcap.findmatch with untrusted input (if they lack validation of
user-provided filenames or arguments). The fix is also back-ported to 3.7,
3.8 and 3.9.
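The substitution the description refers to, shown as an added example that is not part of this page or of CPython's own code: the mailcap entry, the attacker-controlled filename and every helper name below are constructed. The `_find_unsafe` pattern reproduces the safe-character class the upstream fix uses; the rest is a minimal stand-in for `mailcap.subst`, plus a consumer-side mitigation and a probe of the running interpreter.

```python
"""Added example for CVE-2015-20107 (constructed; not CPython project code).

mailcap.findmatch() builds a viewer command by pasting the caller-supplied
filename into the %s slot of an entry from the system mailcap file; the result
is meant for os.system(), so a filename chosen by an attacker becomes shell
syntax.  The entry, the filename and the helper names here are constructed.
"""
import os
import re
import tempfile
import warnings

# Constructed entry in the shape the system mailcap file would provide for text/plain.
CONSTRUCTED_ENTRY = {"view": "cat %s"}
ATTACKER_FILENAME = "report.txt; id"  # constructed: a "filename" carrying a second command


def vulnerable_subst(template, filename):
    """Unpatched behaviour: %s is replaced verbatim, shell metacharacters and all."""
    return template.replace("%s", filename)


# Safe-character class used by the upstream fix (mailcap.py in 3.10.9+/3.11 and the
# 3.7-3.9 backports).  Anything outside it is refused rather than quoted, because the
# mailcap format has no escaping mechanism and many entries already write '%s' inside
# quotes, so inserting shlex.quote() output would break those viewers.
_find_unsafe = re.compile(r"[^\xa1-\U0010FFFF\w@+=:,./-]").search


def hardened_subst(template, filename):
    """Patched behaviour: return None for a filename that cannot be placed in a shell
    command safely; the caller then gets no command instead of an injected one."""
    if _find_unsafe(filename):
        return None
    return template.replace("%s", filename)


def stage_untrusted_file(data):
    """Consumer-side mitigation that works on any Python version: never pass a
    user-chosen name to findmatch().  Write the bytes to a temp file whose name the
    application controls (mkstemp draws from [a-z0-9_]) and hand mailcap that name."""
    fd, path = tempfile.mkstemp(prefix="mailcap-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def view_command_for_upload(data, template=CONSTRUCTED_ENTRY["view"]):
    """Build the viewer command for untrusted content the safe way: stage it to a
    temp file, substitute the generated name, clean up.  Returns the command string."""
    path = stage_untrusted_file(data)
    try:
        return hardened_subst(template, path)
    finally:
        os.remove(path)


def probe_stdlib_mailcap(filename=ATTACKER_FILENAME):
    """Check the running interpreter: True if its mailcap.findmatch() still returns an
    injected command, False if it refuses (patched: returns (None, None) and warns
    UnsafeMailcapInput), None if the module is absent (removed in Python 3.13).
    Only the 'view' key is used and there is no 'test' field, so nothing executes."""
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # DeprecationWarning on import, UnsafeMailcapInput on refusal
        try:
            import mailcap
        except ImportError:
            return None
        caps = {"text/plain": [dict(CONSTRUCTED_ENTRY)]}
        command, _entry = mailcap.findmatch(caps, "text/plain", filename=filename)
    return command is not None


if __name__ == "__main__":
    print("unpatched substitution:     ", vulnerable_subst(CONSTRUCTED_ENTRY["view"], ATTACKER_FILENAME))
    print("hardened substitution:      ", hardened_subst(CONSTRUCTED_ENTRY["view"], ATTACKER_FILENAME))
    print("staged temp file command:   ", view_command_for_upload(b"constructed upload body"))
    print("this interpreter vulnerable:", probe_stdlib_mailcap())
```

`probe_stdlib_mailcap()` returning True means the interpreter still hands back `cat report.txt; id` for the constructed entry, which is what the package versions in the table below fix; False means the refusal logic is present. Note that refusing is a behaviour change for callers that legitimately pass names with spaces or other characters outside the safe set, which is why the staged temp file approach is the robust fix at the application level.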
Author | Note |
---|---|
leosilva | A patch was proposed in cpython Lib/mailcap.py but not merged yet. It sounds like a better approach was a PR to fix that issue, but it is still not merged yet. There are plenty of discussions going on about proper ways to fix that issue, but none has been accepted yet that fixes the issue and keeps the software working properly. |
OS | OS Version | Architecture | Package | Affected Versions | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | python2.7 | < 2.7.17-1~18.04ubuntu1.8 | UNKNOWN |
ubuntu | 20.04 | noarch | python2.7 | < 2.7.18-1~20.04.3 | UNKNOWN |
ubuntu | 21.10 | noarch | python2.7 | < 2.7.18-8ubuntu0.2 | UNKNOWN |
ubuntu | 22.04 | noarch | python2.7 | < 2.7.18-13ubuntu1.1 | UNKNOWN |
ubuntu | 22.10 | noarch | python2.7 | < 2.7.18-13ubuntu2 | UNKNOWN |
ubuntu | 14.04 | noarch | python2.7 | < 2.7.6-8ubuntu0.6+esm11 | UNKNOWN |
ubuntu | 16.04 | noarch | python2.7 | < 2.7.12-1ubuntu0~16.04.18+esm2 | UNKNOWN |
ubuntu | 22.04 | noarch | python3.10 | < 3.10.4-3ubuntu0.1 | UNKNOWN |
ubuntu | 14.04 | noarch | python3.4 | < 3.4.3-1ubuntu1~14.04.7+esm13 | UNKNOWN |
ubuntu | 14.04 | noarch | python3.5 | < 3.5.2-2ubuntu0~16.04.4~14.04.1+esm1 | UNKNOWN |
github.com/python/cpython/pull/91542/commits/340251550897cb98ae83ad1040750d6300112e80
github.com/python/cpython/pull/91993
github.com/python/cpython/pull/98191
launchpad.net/bugs/cve/CVE-2015-20107
mail.python.org/archives/list/[email protected]/thread/QDSXNCW77UGULFG2JMDFZQ7H4DIR32LA/
nvd.nist.gov/vuln/detail/CVE-2015-20107
security-tracker.debian.org/tracker/CVE-2015-20107
ubuntu.com/security/notices/USN-5519-1
ubuntu.com/security/notices/USN-5888-1
ubuntu.com/security/notices/USN-6891-1
www.cve.org/CVERecord?id=CVE-2015-20107