QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2015-20107

Back to search

CVE-2015-20107

Published: Apr 13, 2022

Modified: Nov 3, 2025

PUBLISHED

Description

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

VendorProductVersions

n/a

n/a

affected
n/a

References

FEDORA-2022-5ad25e3d3c
vendor-advisory
FEDORA-2022-cece1d07d9
vendor-advisory
FEDORA-2022-2e1d1205cf
vendor-advisory
FEDORA-2022-4b0dfda810
vendor-advisory
FEDORA-2022-1358cedf2d
vendor-advisory
FEDORA-2022-0be85556b4
vendor-advisory
FEDORA-2022-a8e50dc83e
vendor-advisory
FEDORA-2022-4c788bdc40
vendor-advisory
FEDORA-2022-9da5703d22
vendor-advisory
FEDORA-2022-4a69d20cf4
vendor-advisory
FEDORA-2022-5ea8aa7518
vendor-advisory
FEDORA-2022-ec74ac4079
vendor-advisory
FEDORA-2022-17a1bb7e78
vendor-advisory
FEDORA-2022-dbe9a8f9ac
vendor-advisory
FEDORA-2022-9dd70781cb
vendor-advisory
FEDORA-2022-20e87fb0d1
vendor-advisory
FEDORA-2022-9cd41b6709
vendor-advisory
FEDORA-2022-d157a91e10
vendor-advisory
FEDORA-2022-ce55d01569
vendor-advisory
FEDORA-2022-b499f2a9c6
vendor-advisory
FEDORA-2022-d1682fef04
vendor-advisory
FEDORA-2022-79843dfb3c
vendor-advisory
GLSA-202305-02
vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now