Sign In

CVE-2015-20107

ADVISORY - nist

Summary

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

EPSS Score: 0.00865 (0.742)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADVISORY - redhat

CWE-20

Improper Input Validation

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in