VDB

CVE-2015-20107

CVE-2015-20107 PUBLISHED

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

EPSS 0.87% · 75.5th percentile

Risk Scores

EPSS Score
0.87%
75.5th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:20.04:LTSpython3.9*, 0, 3.9.0~rc1-1~20.04
Ubuntu:18.04:LTSpython3.63.6.4-1, *, *
Ubuntu:18.04:LTSpython2.7*, *, *
Ubuntu:22.04:LTSpython2.70, 2.7.18-8build1, 2.7.18-13
Ubuntu:Pro:16.04:LTSpython2.7*, 2.7.10-4ubuntu2, 2.7.11-2
Ubuntu:Pro:16.04:LTSpython3.53.5.1-2, 3.5.1-5, 3.5.1-6ubuntu2
Ubuntu:Pro:14.04:LTSpython2.72.7.6-8ubuntu0.6+esm9, 0, 2.7.5-8ubuntu3
Ubuntu:Pro:14.04:LTSpython3.50, 3.5.2-2ubuntu0~16.04.4~14.04.1
Ubuntu:20.04:LTSpython2.7*, 2.7.17-1, 2.7.17-1ubuntu5
Ubuntu:Pro:18.04:LTSpython3.83.8.0-3~18.04, 3.8.0-3~18.04.1, 3.8.0-3ubuntu1~18.04.2
Ubuntu:22.04:LTSpython3.103.10.0-2, 3.10.0-4, 3.10.0-5
Ubuntu:Pro:18.04:LTSpython3.73.7.5-2ubuntu1~18.04.2+esm1, 3.7.5-2ubuntu1~18.04.2, 3.7.5-2~18.04.4
Ubuntu:20.04:LTSpython3.8*, 3.8.0-1, 3.8.0-2
Ubuntu:Pro:14.04:LTSpython3.43.4.3-1ubuntu1~14.04.7+esm7, 3.4.3-1ubuntu1~14.04.7+esm10, 3.4.3-1ubuntu1~14.04.7+esm11

Timeline

  • Apr 13, 2022 CVE Published
  • Apr 14, 2022 EPSS Score
  • Jun 3, 2022 EPSS Score
  • Jun 20, 2022 EPSS Score
  • Jul 24, 2022 EPSS Score
  • Nov 2, 2022 EPSS Score
  • Nov 13, 2022 EPSS Score
  • Dec 28, 2022 EPSS Score
  • Feb 10, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 1, 2023 EPSS Score
  • May 21, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›