Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html below:

mailcap shell command injection — Python Security 0.0 documentation

The mailcap module is vulnerable to shell code injection in filenames. If the filename contains a shell command, it will be executed if it is passed to os.system() as described in the documentation.

To prevent security issues with shell metacharacters (symbols that have special effects in a shell command line), the mailcap.findmatch() function now refuses to inject ASCII characters other than alphanumerics and @+=:,./-_ into the returned command line.

Dates:

• Disclosure date: 2015-08-02 (Python issue bpo-24778 reported)

• Python 3.7.16 (2022-12-06) fixed by commit 6e8e9e7 (branch 3.7) (2022-10-11)

• Python 3.8.16 (2022-12-06) fixed by commit 0a4f650 (branch 3.8) (2022-10-11)

• Python 3.9.16 (2022-12-06) fixed by commit c59a16e (branch 3.9) (2022-10-11)

• Python 3.10.8 (2022-10-11) fixed by commit 96739bc (branch 3.10) (2022-09-20)

• Python 3.11.0 (2022-10-24) fixed by commit fae93ab (branch 3.11) (2022-06-03)

[CVE-2015-20107] mailcap.findmatch: document shell command Injection danger in filename parameter.

• Python issue: bpo-24778

• Creation date: 2015-08-02

• Reporter: Bernd Dietzel

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).

• CVE ID: CVE-2015-20107

• Published: 2022-04-13

• CVSS Score: 10.0

Timeline using the disclosure date 2015-08-02 as reference:

• 2015-08-02: Python issue bpo-24778 reported by Bernd Dietzel

• 2022-04-13 (+2446 days): CVE-2015-20107 published

• 2022-06-03 (+2497 days): commit b9509ba (branch 3.12)

• 2022-06-03 (+2497 days): commit fae93ab (branch 3.11)

• 2022-09-20 (+2606 days): commit 96739bc (branch 3.10)

• 2022-10-11 (+2627 days): commit 0a4f650 (branch 3.8)

• 2022-10-11 (+2627 days): commit 6e8e9e7 (branch 3.7)

• 2022-10-11 (+2627 days): commit c59a16e (branch 3.9)

• 2022-10-11 (+2627 days): Python 3.10.8 released

• 2022-10-24: Python 3.11.0 released

• 2022-12-06 (+2683 days): Python 3.7.16 released

• 2022-12-06 (+2683 days): Python 3.8.16 released

• 2022-12-06 (+2683 days): Python 3.9.16 released

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4