{
  "threat_severity" : "Moderate",
  "public_date" : "2015-08-02T00:00:00Z",
  "bugzilla" : {
    "description" : "python: mailcap: findmatch() function does not sanitize the second argument",
    "id" : "2075390",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2075390"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-20->CWE-77",
  "details" : [ "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9.", "A command injection vulnerability was found in the Python mailcap module. The module substitutes caller-supplied values (such as a filename) into the command templates read from the system mailcap file without escaping shell metacharacters. This flaw allows attackers to inject shell commands into applications that call the mailcap.findmatch function with untrusted input and then execute the returned command." ],
  "statement" : "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-09-13T00:00:00Z",
    "advisory" : "RHSA-2022:6457",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python3-0:3.6.8-47.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7581",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python38:3.8-8070020220916150349.bd194b04"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7581",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python38-devel:3.8-8070020220916150349.bd194b04"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7592",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python39:3.9-8070020220916150556.be1f0497"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7592",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python39-devel:3.9-8070020220916150556.be1f0497"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7593",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python27:2.7-8070020220617114255.056aacbc"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-09-13T00:00:00Z",
    "advisory" : "RHSA-2022:6457",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "python3-0:3.6.8-47.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8353",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "python3.9-0:3.9.14-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8353",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "python3.9-0:3.9.14-1.el9"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2022-10-03T00:00:00Z",
    "advisory" : "RHSA-2022:6766",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-python38-python-0:3.8.14-1.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "python3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "gimp:flatpak/python2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "inkscape:flatpak/python2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python36:3.6/python36",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "python27",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-20107\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-20107\nhttps://python-security.readthedocs.io/vuln/mailcap-shell-injection.html" ],
  "name" : "CVE-2015-20107",
  "mitigation" : {
    "value" : "Users should upgrade to the latest version. If this is not possible and an affected version of the Python mailcap module has to be used, then applications that use the mailcap module should validate user input (for example, reject filenames or arguments containing shell metacharacters) before passing it to mailcap.findmatch, and should inspect the returned command before executing it.",
    "lang" : "en:us"
  },
  "csaw" : false
}