Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE-2015-20107] CVE-2015-20107 Vulnerability Is Found in Python #91871

Closed
dymc1987 opened this issue Apr 24, 2022 · 4 comments
Closed

[CVE-2015-20107] CVE-2015-20107 Vulnerability Is Found in Python #91871

dymc1987 opened this issue Apr 24, 2022 · 4 comments
Labels
type-security A security issue

Comments

@dymc1987
Copy link

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).
@sweeneyde
Copy link
Member

Duplicate of #68966?

@auvipy
Copy link

auvipy commented Apr 24, 2022

probably a duplicate & related fix #91542

@AlexWaygood AlexWaygood added the type-security A security issue label Apr 24, 2022
@kalashnlkov
Copy link

Duplicate of #68966?

this description seems coming from NVD https://nvd.nist.gov/vuln/detail/CVE-2015-20107.
it‘s duplicate for sure.

@ericvsmith
Copy link
Member

Closing in favor of #68966.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type-security A security issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@ericvsmith @auvipy @kalashnlkov @sweeneyde @dymc1987 @AlexWaygood