CVE-2015-20107 in Python정보

요약

\~에 의해 MITRE • 2022. 04. 13.

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2022. 04. 13.

공개

2022. 04. 13.

모더레이션

수락

항목

VDB-197283

CPE

준비됨

CWE

CWE-78 (확인됨)

CVSS

7.6 (NVD)

EPSS

0.00870

KEV

아니요

활동

매우 낮음

부문

Energy, Finance, ...

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-20107
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-20107
CVE Details	https://www.cvedetails.com/cve/CVE-2015-20107/

◂ 이전 개요 다음 ▸

Want to know what is going to be exploited?

We predict KEV entries!