PT-2022-3252 · Python+11

Bernd Dietzel · Published 2015-08-02 · Updated 2026-05-18 · CVE-2015-20107

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Python versions prior to 3.10.8
Python versions 3.7, 3.8, 3.9

Description

The issue is related to insufficient argument validation in the mailcap module of the Python interpreter. This may allow a remote attacker to inject shell commands into applications that use the mailcap.findmatch function with untrusted input, such as unvalidated user-provided filenames or arguments.

Recommendations

For Python versions prior to 3.10.8, update to version 3.10.8 or later to resolve the issue. For Python versions 3.7, 3.8, 3.9, apply the back-ported fix to resolve the issue. As a temporary workaround, consider validating user-provided filenames and arguments before passing them to the mailcap.findmatch function to minimize the risk of exploitation.
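
One way to apply the temporary workaround above, as an added example that is not part of the original advisory or of CPython: an allowlist check run on the MIME type, filename and parameters before they reach mailcap.findmatch. The allowlist itself, the helper names is_safe_mailcap_value and checked_findmatch, and the sample values are assumptions of this example.

```python
import re

# Allowlist chosen for this example (an assumption, not CPython's own check):
# ASCII letters, digits and punctuation that has no special meaning to /bin/sh.
# Whitespace, quotes, ';', '|', '&', '$', backticks and non-ASCII are rejected.
_ALLOWED = re.compile(r"[A-Za-z0-9_@+=:,./-]+")


def is_safe_mailcap_value(value):
    """True if value may be substituted into a mailcap command line as-is."""
    if not isinstance(value, str) or not value:
        return False
    # A leading '-' would be read as an option by the viewer program.
    if value.startswith("-"):
        return False
    return _ALLOWED.fullmatch(value) is not None


def checked_findmatch(caps, mimetype, filename, plist=()):
    """Validate every caller-supplied value, then call mailcap.findmatch."""
    checks = [("MIME type", mimetype), ("filename", filename)]
    checks += [("parameter", p) for p in plist]
    for label, value in checks:
        if not is_safe_mailcap_value(value):
            raise ValueError(f"unsafe {label} rejected: {value!r}")
    try:
        import mailcap  # removed from the standard library in Python 3.13
    except ImportError as exc:
        raise RuntimeError("mailcap module is not available") from exc
    return mailcap.findmatch(caps, mimetype, filename=filename,
                             plist=list(plist))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real report.
    for sample in ["report-2022.pdf", "/srv/upload/a_b.txt",
                   "two words.txt", "name;suffix", "-o"]:
        print(f"{sample!r:25} safe={is_safe_mailcap_value(sample)}")
```

The check rejects legitimate names containing spaces or non-ASCII characters; that is deliberate for a stop-gap and does not replace updating to a fixed interpreter.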

Exploit

Fix

Command Injection


Weakness Enumeration

Related Identifiers

ALSA-2022:6457
ALSA-2022:7581
ALSA-2022:7592
ALSA-2022:7593
ALSA-2022:8353
ALT-PU-2022-2066
ALT-PU-2022-3044
ALT-PU-2022-3282
ALT-PU-2023-1518
ALT-PU-2023-4581
ALT-PU-2024-2598
ALT-PU-2024-3474
AZL-9417
BDU:2022-03962
CESA-2022_6457
CESA-2022_7581
CESA-2022_7592
CESA-2022_7593
CLEANSTART-2026-BM51903
CLEANSTART-2026-SY44974
CLEANSTART-2026-WV76464
CVE-2015-20107
DLA-3432-1
DLA-3477-1
DLA-3980-1
MGASA-2022-0359
MGASA-2022-0367
OESA-2022-1653
OPENSUSE-SU-2022_2174-1
OPENSUSE-SU-2022_2291-1
OPENSUSE-SU-2022_2344-1
OPENSUSE-SU-2022_2357-1
OPENSUSE-SU-2024:12143-1
OPENSUSE-SU-2024:12150-1
OPENSUSE-SU-2024:12152-1
PSF-2022-1
RHSA-2022:6457
RHSA-2022:6766
RHSA-2022:7581
RHSA-2022:7592
RHSA-2022:7593
RHSA-2022:8353
RHSA-2022_6457
RHSA-2022_7581
RHSA-2022_7592
RHSA-2022_7593
RHSA-2022_8353
RLSA-2022:7581
RLSA-2022:7592
RLSA-2022:7593
RLSA-2022:8353
ROSA-SA-2025-2669
SUSE-SU-2022:2147-1
SUSE-SU-2022:2166-1
SUSE-SU-2022:2174-1
SUSE-SU-2022:2248-1
SUSE-SU-2022:2249-1
SUSE-SU-2022:2291-1
SUSE-SU-2022:2344-1
SUSE-SU-2022:2351-1
SUSE-SU-2022:2357-1
SUSE-SU-2022:2357-2
SUSE-SU-2022_2147-1
SUSE-SU-2022_2166-1
SUSE-SU-2022_2174-1
SUSE-SU-2022_2248-1
SUSE-SU-2022_2249-1
SUSE-SU-2022_2291-1
SUSE-SU-2022_2344-1
SUSE-SU-2022_2351-1
SUSE-SU-2022_2357-1
SUSE-SU-2023:0707-1
SUSE-SU-2023:0748-1
SUSE-SU-2023_0707-1
USN-5519-1
USN-5888-1
USN-6891-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Python
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu