Alpaquita Linux Stream Security Advisory

CVE-2015-20107

Published: August 31, 2023
Last modified: August 31, 2023

Description

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9.
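
The failure mode described above, next to two caller-side mitigations, as an added example (not code from CPython or Alpaquita). `naive_subst` is a simplified model of unescaped `%s` substitution; the mailcap command and filenames are constructed samples, and the allowlist follows the character set the Python 3.11 documentation gives for the fixed `findmatch` (here restricted to ASCII, which is an assumption of this example).

```python
import re
import shlex

# Constructed sample: command field of a mailcap entry such as
#   text/plain; cat %s
SAMPLE_TEMPLATE = "cat %s"

# Constructed filenames: one ordinary, one carrying a shell metacharacter.
BENIGN_NAME = "notes.txt"
HOSTILE_NAME = "notes.txt; echo INJECTED"

# Allowlist: ASCII alphanumerics plus @+=:,./-_ ; anything else is refused.
_UNSAFE = re.compile(r"[^A-Za-z0-9@+=:,./_-]")


def naive_subst(template, filename):
    """Simplified model of the unfixed behaviour: raw %s substitution."""
    return template.replace("%s", filename)


def is_safe_token(value):
    """True only for non-empty values made entirely of allowlisted characters."""
    return bool(value) and _UNSAFE.search(value) is None


def guarded_subst(template, filename):
    """Substitute only when the filename passes the allowlist, else None."""
    if not is_safe_token(filename):
        return None
    return template.replace("%s", filename)


def argv_for(template, filename):
    """Shell-free alternative: split the template first, then substitute,
    so the filename always stays a single argv element."""
    return [part.replace("%s", filename) for part in shlex.split(template)]


if __name__ == "__main__":
    print("naive  :", naive_subst(SAMPLE_TEMPLATE, HOSTILE_NAME))
    print("guarded:", guarded_subst(SAMPLE_TEMPLATE, HOSTILE_NAME))
    print("argv   :", argv_for(SAMPLE_TEMPLATE, HOSTILE_NAME))
```

The list returned by `argv_for` is meant for `subprocess.run(argv)` without `shell=True`, so no shell ever parses the filename.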

Severity score breakdown

| Parameter | Value |
|---|---|
| Base score | 7.6 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity impact | HIGH |
| Availability impact | LOW |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L |

Status

| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | python3 | Not affected (3.11.5-r0) |
| Alpaquita Linux | Stream | python3 | Not affected (3.11.5-r0) |
