GSD-2022-40153
PUBLISHED
Reported by mitre · Published April 13, 2022
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, and 3.9.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | * |
Timeline
- Apr 13, 2022 CVE Published
- Jun 9, 2023 PoC Published
- Jul 15, 2023 PoC Published
- Nov 4, 2023 PoC Published
- Dec 8, 2023 PoC Published
- Mar 1, 2024 PoC Published
- Apr 5, 2024 PoC Published
- Jul 17, 2024 PoC Published
- Feb 13, 2025 PoC Published
- Mar 28, 2025 PoC Published
- May 9, 2025 PoC Published
- Sep 30, 2025 PoC Published
References
- FEDORA-2022-5ad25e3d3c vendor-advisory
- FEDORA-2022-cece1d07d9 vendor-advisory
- FEDORA-2022-2e1d1205cf vendor-advisory
- FEDORA-2022-4b0dfda810 vendor-advisory
- FEDORA-2022-1358cedf2d vendor-advisory
- FEDORA-2022-0be85556b4 vendor-advisory
- FEDORA-2022-a8e50dc83e vendor-advisory
- FEDORA-2022-4c788bdc40 vendor-advisory
- FEDORA-2022-9da5703d22 vendor-advisory
- FEDORA-2022-4a69d20cf4 vendor-advisory
- FEDORA-2022-5ea8aa7518 vendor-advisory
- FEDORA-2022-ec74ac4079 vendor-advisory
- FEDORA-2022-17a1bb7e78 vendor-advisory
- FEDORA-2022-dbe9a8f9ac vendor-advisory
- FEDORA-2022-9dd70781cb vendor-advisory
- FEDORA-2022-20e87fb0d1 vendor-advisory
- FEDORA-2022-9cd41b6709 vendor-advisory
…and 10 more