CVE-2015-20107
CVE Details
Last Update
9/25/24
NIST CVE Summary
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
Our Official Summary
Waiting on a fix from third party mongodb vendor
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette VerteX 4.4.14
Revision History
- 1.0 08/16/2024 Initial Publication
- 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18