SecuritySpace - CVE-2015-20107

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID:	CVE-2015-20107
Description:	In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
Test IDs:	1.3.6.1.4.1.25623.1.0.821425 1.3.6.1.4.1.25623.1.0.820774 1.3.6.1.4.1.25623.1.0.113931 1.3.6.1.4.1.25623.1.1.4.2022.2166.1 1.3.6.1.4.1.25623.1.1.2.2022.2144 1.3.6.1.4.1.25623.1.1.4.2022.2248.1 1.3.6.1.4.1.25623.1.1.2.2022.2008 1.3.6.1.4.1.25623.1.0.854801 1.3.6.1.4.1.25623.1.0.820757 1.3.6.1.4.1.25623.1.1.2.2022.2099 1.3.6.1.4.1.25623.1.0.820752 1.3.6.1.4.1.25623.1.0.854773 1.3.6.1.4.1.25623.1.0.820754 1.3.6.1.4.1.25623.1.1.4.2022.2357.1 1.3.6.1.4.1.25623.1.0.833512 1.3.6.1.4.1.25623.1.1.1.2.2023.3432 1.3.6.1.4.1.25623.1.0.854802 1.3.6.1.4.1.25623.1.0.820745 1.3.6.1.4.1.25623.1.0.820783 1.3.6.1.4.1.25623.1.1.2.2023.1577 1.3.6.1.4.1.25623.1.1.2.2022.2362 1.3.6.1.4.1.25623.1.0.820747 1.3.6.1.4.1.25623.1.1.2.2022.2804 1.3.6.1.4.1.25623.1.0.821427 1.3.6.1.4.1.25623.1.0.820796 1.3.6.1.4.1.25623.1.0.113932 1.3.6.1.4.1.25623.1.0.820762 1.3.6.1.4.1.25623.1.1.2.2022.2632 1.3.6.1.4.1.25623.1.1.4.2022.2147.1 1.3.6.1.4.1.25623.1.1.4.2022.2249.1 1.3.6.1.4.1.25623.1.0.820746 1.3.6.1.4.1.25623.1.1.2.2022.2398 1.3.6.1.4.1.25623.1.0.820759 1.3.6.1.4.1.25623.1.1.9.2023.10010010010119110104 1.3.6.1.4.1.25623.1.0.845442 1.3.6.1.4.1.25623.1.0.820789 1.3.6.1.4.1.25623.1.0.820749 1.3.6.1.4.1.25623.1.1.2.2022.2169 1.3.6.1.4.1.25623.1.1.2.2023.2214 1.3.6.1.4.1.25623.1.0.821421 1.3.6.1.4.1.25623.1.1.9.2023.997291009798101981 1.3.6.1.4.1.25623.1.0.821414 1.3.6.1.4.1.25623.1.0.821415 1.3.6.1.4.1.25623.1.0.821403 1.3.6.1.4.1.25623.1.1.4.2022.2344.1 1.3.6.1.4.1.25623.1.0.820771 1.3.6.1.4.1.25623.1.0.113930 1.3.6.1.4.1.25623.1.1.2.2022.1978 1.3.6.1.4.1.25623.1.1.1.2.2023.3477 1.3.6.1.4.1.25623.1.0.821417 1.3.6.1.4.1.25623.1.1.2.2023.1587 1.3.6.1.4.1.25623.1.0.821407
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2015-20107 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/ https://security.gentoo.org/glsa/202305-02 https://bugs.python.org/issue24778 https://github.com/python/cpython/issues/68966 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html