csaf_opensuse - opensuse-su-2024:12150-1

OPENSUSE-SU-2024:12150-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

python39-3.9.13-2.1 on GA media

Notes

Title of the patch

python39-3.9.13-2.1 on GA media

Description of the patch

These are all security issues fixed in the python39-3.9.13-2.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-12150

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python39-3.9.13-2.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python39-3.9.13-2.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12150",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12150-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-20107 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-20107/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3572 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-25236 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-25236/"
      }
    ],
    "title": "python39-3.9.13-2.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12150-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python39-3.9.13-2.1.aarch64",
                "product": {
                  "name": "python39-3.9.13-2.1.aarch64",
                  "product_id": "python39-3.9.13-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-32bit-3.9.13-2.1.aarch64",
                "product": {
                  "name": "python39-32bit-3.9.13-2.1.aarch64",
                  "product_id": "python39-32bit-3.9.13-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-curses-3.9.13-2.1.aarch64",
                "product": {
                  "name": "python39-curses-3.9.13-2.1.aarch64",
                  "product_id": "python39-curses-3.9.13-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-dbm-3.9.13-2.1.aarch64",
                "product": {
                  "name": "python39-dbm-3.9.13-2.1.aarch64",
                  "product_id": "python39-dbm-3.9.13-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-idle-3.9.13-2.1.aarch64",
                "product": {
                  "name": "python39-idle-3.9.13-2.1.aarch64",
                  "product_id": "python39-idle-3.9.13-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-tk-3.9.13-2.1.aarch64",
                "product": {
                  "name": "python39-tk-3.9.13-2.1.aarch64",
                  "product_id": "python39-tk-3.9.13-2.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python39-3.9.13-2.1.ppc64le",
                "product": {
                  "name": "python39-3.9.13-2.1.ppc64le",
                  "product_id": "python39-3.9.13-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python39-32bit-3.9.13-2.1.ppc64le",
                "product": {
                  "name": "python39-32bit-3.9.13-2.1.ppc64le",
                  "product_id": "python39-32bit-3.9.13-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python39-curses-3.9.13-2.1.ppc64le",
                "product": {
                  "name": "python39-curses-3.9.13-2.1.ppc64le",
                  "product_id": "python39-curses-3.9.13-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python39-dbm-3.9.13-2.1.ppc64le",
                "product": {
                  "name": "python39-dbm-3.9.13-2.1.ppc64le",
                  "product_id": "python39-dbm-3.9.13-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python39-idle-3.9.13-2.1.ppc64le",
                "product": {
                  "name": "python39-idle-3.9.13-2.1.ppc64le",
                  "product_id": "python39-idle-3.9.13-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python39-tk-3.9.13-2.1.ppc64le",
                "product": {
                  "name": "python39-tk-3.9.13-2.1.ppc64le",
                  "product_id": "python39-tk-3.9.13-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python39-3.9.13-2.1.s390x",
                "product": {
                  "name": "python39-3.9.13-2.1.s390x",
                  "product_id": "python39-3.9.13-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python39-32bit-3.9.13-2.1.s390x",
                "product": {
                  "name": "python39-32bit-3.9.13-2.1.s390x",
                  "product_id": "python39-32bit-3.9.13-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python39-curses-3.9.13-2.1.s390x",
                "product": {
                  "name": "python39-curses-3.9.13-2.1.s390x",
                  "product_id": "python39-curses-3.9.13-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python39-dbm-3.9.13-2.1.s390x",
                "product": {
                  "name": "python39-dbm-3.9.13-2.1.s390x",
                  "product_id": "python39-dbm-3.9.13-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python39-idle-3.9.13-2.1.s390x",
                "product": {
                  "name": "python39-idle-3.9.13-2.1.s390x",
                  "product_id": "python39-idle-3.9.13-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python39-tk-3.9.13-2.1.s390x",
                "product": {
                  "name": "python39-tk-3.9.13-2.1.s390x",
                  "product_id": "python39-tk-3.9.13-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python39-3.9.13-2.1.x86_64",
                "product": {
                  "name": "python39-3.9.13-2.1.x86_64",
                  "product_id": "python39-3.9.13-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-32bit-3.9.13-2.1.x86_64",
                "product": {
                  "name": "python39-32bit-3.9.13-2.1.x86_64",
                  "product_id": "python39-32bit-3.9.13-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-curses-3.9.13-2.1.x86_64",
                "product": {
                  "name": "python39-curses-3.9.13-2.1.x86_64",
                  "product_id": "python39-curses-3.9.13-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-dbm-3.9.13-2.1.x86_64",
                "product": {
                  "name": "python39-dbm-3.9.13-2.1.x86_64",
                  "product_id": "python39-dbm-3.9.13-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-idle-3.9.13-2.1.x86_64",
                "product": {
                  "name": "python39-idle-3.9.13-2.1.x86_64",
                  "product_id": "python39-idle-3.9.13-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-tk-3.9.13-2.1.x86_64",
                "product": {
                  "name": "python39-tk-3.9.13-2.1.x86_64",
                  "product_id": "python39-tk-3.9.13-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-3.9.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-3.9.13-2.1.aarch64"
        },
        "product_reference": "python39-3.9.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-3.9.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-3.9.13-2.1.ppc64le"
        },
        "product_reference": "python39-3.9.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-3.9.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-3.9.13-2.1.s390x"
        },
        "product_reference": "python39-3.9.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-3.9.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-3.9.13-2.1.x86_64"
        },
        "product_reference": "python39-3.9.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-32bit-3.9.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.aarch64"
        },
        "product_reference": "python39-32bit-3.9.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-32bit-3.9.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.ppc64le"
        },
        "product_reference": "python39-32bit-3.9.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-32bit-3.9.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.s390x"
        },
        "product_reference": "python39-32bit-3.9.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-32bit-3.9.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.x86_64"
        },
        "product_reference": "python39-32bit-3.9.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-curses-3.9.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.aarch64"
        },
        "product_reference": "python39-curses-3.9.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-curses-3.9.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.ppc64le"
        },
        "product_reference": "python39-curses-3.9.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-curses-3.9.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.s390x"
        },
        "product_reference": "python39-curses-3.9.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-curses-3.9.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.x86_64"
        },
        "product_reference": "python39-curses-3.9.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-dbm-3.9.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.aarch64"
        },
        "product_reference": "python39-dbm-3.9.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-dbm-3.9.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.ppc64le"
        },
        "product_reference": "python39-dbm-3.9.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-dbm-3.9.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.s390x"
        },
        "product_reference": "python39-dbm-3.9.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-dbm-3.9.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.x86_64"
        },
        "product_reference": "python39-dbm-3.9.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-idle-3.9.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.aarch64"
        },
        "product_reference": "python39-idle-3.9.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-idle-3.9.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.ppc64le"
        },
        "product_reference": "python39-idle-3.9.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-idle-3.9.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.s390x"
        },
        "product_reference": "python39-idle-3.9.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-idle-3.9.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.x86_64"
        },
        "product_reference": "python39-idle-3.9.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-tk-3.9.13-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.aarch64"
        },
        "product_reference": "python39-tk-3.9.13-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-tk-3.9.13-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.ppc64le"
        },
        "product_reference": "python39-tk-3.9.13-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-tk-3.9.13-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.s390x"
        },
        "product_reference": "python39-tk-3.9.13-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-tk-3.9.13-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.x86_64"
        },
        "product_reference": "python39-tk-3.9.13-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-20107",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-20107"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python39-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-20107",
          "url": "https://www.suse.com/security/cve/CVE-2015-20107"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198511 for CVE-2015-20107",
          "url": "https://bugzilla.suse.com/1198511"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200507 for CVE-2015-20107",
          "url": "https://bugzilla.suse.com/1200507"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201777 for CVE-2015-20107",
          "url": "https://bugzilla.suse.com/1201777"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201791 for CVE-2015-20107",
          "url": "https://bugzilla.suse.com/1201791"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205068 for CVE-2015-20107",
          "url": "https://bugzilla.suse.com/1205068"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208337 for CVE-2015-20107",
          "url": "https://bugzilla.suse.com/1208337"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python39-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:python39-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-20107"
    },
    {
      "cve": "CVE-2021-3572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python39-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3572",
          "url": "https://www.suse.com/security/cve/CVE-2021-3572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186819 for CVE-2021-3572",
          "url": "https://bugzilla.suse.com/1186819"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python39-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:python39-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3572"
    },
    {
      "cve": "CVE-2022-25236",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-25236"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python39-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.x86_64",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.aarch64",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.ppc64le",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.s390x",
          "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-25236",
          "url": "https://www.suse.com/security/cve/CVE-2022-25236"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196025 for CVE-2022-25236",
          "url": "https://bugzilla.suse.com/1196025"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196784 for CVE-2022-25236",
          "url": "https://bugzilla.suse.com/1196784"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197217 for CVE-2022-25236",
          "url": "https://bugzilla.suse.com/1197217"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200038 for CVE-2022-25236",
          "url": "https://bugzilla.suse.com/1200038"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201735 for CVE-2022-25236",
          "url": "https://bugzilla.suse.com/1201735"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python39-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:python39-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-32bit-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-curses-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-dbm-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-idle-3.9.13-2.1.x86_64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.aarch64",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.ppc64le",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.s390x",
            "openSUSE Tumbleweed:python39-tk-3.9.13-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-25236"
    }
  ]
}

CVE-2021-3572 (GCVE-0-2021-3572)

Vulnerability from cvelistv5 – Published: 2021-11-10 17:55 – Updated: 2024-08-03 17:01

Summary

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

Severity ?

No CVSS data available.

CWE

CWE-20

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1962856
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://www.oracle.com/security-alerts/cpujul2022.html
	https://security.netapp.com/advisory/ntap-2024062…

Impacted products

	Vendor	Product	Version
	n/a	python-pip	Affected: fixed in python-pip 21.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962856"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "python-pip",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "fixed in python-pip 21.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:29.286468",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962856"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3572",
    "datePublished": "2021-11-10T17:55:47",
    "dateReserved": "2021-06-01T00:00:00",
    "dateUpdated": "2024-08-03T17:01:08.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25236 (GCVE-0-2022-25236)

Vulnerability from cvelistv5 – Published: 2022-02-16 00:39 – Updated: 2025-05-05 16:23

Summary

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/libexpat/libexpat/pull/561	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2022/02/19/1	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2022/dsa-5085	vendor-advisoryx_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2022030…	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/167238/Zoom-…	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202209-24	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:36:06.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/libexpat/libexpat/pull/561"
          },
          {
            "name": "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
          },
          {
            "name": "DSA-5085",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5085"
          },
          {
            "name": "FEDORA-2022-04f206996b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/"
          },
          {
            "name": "FEDORA-2022-3d9d67f558",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/"
          },
          {
            "name": "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "name": "GLSA-202209-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-25236",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:27:40.820309Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-668",
                "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:23:43.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-29T16:07:15.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/libexpat/libexpat/pull/561"
        },
        {
          "name": "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
        },
        {
          "name": "DSA-5085",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5085"
        },
        {
          "name": "FEDORA-2022-04f206996b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/"
        },
        {
          "name": "FEDORA-2022-3d9d67f558",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/"
        },
        {
          "name": "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
        },
        {
          "name": "GLSA-202209-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-24"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-25236",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/libexpat/libexpat/pull/561",
              "refsource": "MISC",
              "url": "https://github.com/libexpat/libexpat/pull/561"
            },
            {
              "name": "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
            },
            {
              "name": "DSA-5085",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5085"
            },
            {
              "name": "FEDORA-2022-04f206996b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/"
            },
            {
              "name": "FEDORA-2022-3d9d67f558",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/"
            },
            {
              "name": "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220303-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
            },
            {
              "name": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
            },
            {
              "name": "GLSA-202209-24",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-24"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-25236",
    "datePublished": "2022-02-16T00:39:16.000Z",
    "dateReserved": "2022-02-16T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:23:43.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-20107 (GCVE-0-2015-20107)

Vulnerability from cvelistv5 – Published: 2022-04-13 00:00 – Updated: 2025-11-03 21:43

Summary

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bugs.python.org/issue24778
	https://github.com/python/cpython/issues/68966
	https://security.netapp.com/advisory/ntap-2022061…
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://python-security.readthedocs.io/vuln/mailc…
	https://security.gentoo.org/glsa/202305-02	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:43:59.756Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.python.org/issue24778"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/issues/68966"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220616-0001/"
          },
          {
            "name": "FEDORA-2022-5ad25e3d3c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/"
          },
          {
            "name": "FEDORA-2022-cece1d07d9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/"
          },
          {
            "name": "FEDORA-2022-2e1d1205cf",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/"
          },
          {
            "name": "FEDORA-2022-4b0dfda810",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/"
          },
          {
            "name": "FEDORA-2022-1358cedf2d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/"
          },
          {
            "name": "FEDORA-2022-0be85556b4",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/"
          },
          {
            "name": "FEDORA-2022-a8e50dc83e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/"
          },
          {
            "name": "FEDORA-2022-4c788bdc40",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/"
          },
          {
            "name": "FEDORA-2022-9da5703d22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/"
          },
          {
            "name": "FEDORA-2022-4a69d20cf4",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/"
          },
          {
            "name": "FEDORA-2022-5ea8aa7518",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/"
          },
          {
            "name": "FEDORA-2022-ec74ac4079",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/"
          },
          {
            "name": "FEDORA-2022-17a1bb7e78",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/"
          },
          {
            "name": "FEDORA-2022-dbe9a8f9ac",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/"
          },
          {
            "name": "FEDORA-2022-9dd70781cb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/"
          },
          {
            "name": "FEDORA-2022-20e87fb0d1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/"
          },
          {
            "name": "FEDORA-2022-9cd41b6709",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/"
          },
          {
            "name": "FEDORA-2022-d157a91e10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/"
          },
          {
            "name": "FEDORA-2022-ce55d01569",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/"
          },
          {
            "name": "FEDORA-2022-b499f2a9c6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/"
          },
          {
            "name": "FEDORA-2022-d1682fef04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"
          },
          {
            "name": "FEDORA-2022-79843dfb3c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html"
          },
          {
            "name": "GLSA-202305-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-02"
          },
          {
            "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
          },
          {
            "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-30T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.python.org/issue24778"
        },
        {
          "url": "https://github.com/python/cpython/issues/68966"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220616-0001/"
        },
        {
          "name": "FEDORA-2022-5ad25e3d3c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/"
        },
        {
          "name": "FEDORA-2022-cece1d07d9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/"
        },
        {
          "name": "FEDORA-2022-2e1d1205cf",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/"
        },
        {
          "name": "FEDORA-2022-4b0dfda810",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/"
        },
        {
          "name": "FEDORA-2022-1358cedf2d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/"
        },
        {
          "name": "FEDORA-2022-0be85556b4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/"
        },
        {
          "name": "FEDORA-2022-a8e50dc83e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/"
        },
        {
          "name": "FEDORA-2022-4c788bdc40",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/"
        },
        {
          "name": "FEDORA-2022-9da5703d22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/"
        },
        {
          "name": "FEDORA-2022-4a69d20cf4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/"
        },
        {
          "name": "FEDORA-2022-5ea8aa7518",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/"
        },
        {
          "name": "FEDORA-2022-ec74ac4079",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/"
        },
        {
          "name": "FEDORA-2022-17a1bb7e78",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/"
        },
        {
          "name": "FEDORA-2022-dbe9a8f9ac",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/"
        },
        {
          "name": "FEDORA-2022-9dd70781cb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/"
        },
        {
          "name": "FEDORA-2022-20e87fb0d1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/"
        },
        {
          "name": "FEDORA-2022-9cd41b6709",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/"
        },
        {
          "name": "FEDORA-2022-d157a91e10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/"
        },
        {
          "name": "FEDORA-2022-ce55d01569",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/"
        },
        {
          "name": "FEDORA-2022-b499f2a9c6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/"
        },
        {
          "name": "FEDORA-2022-d1682fef04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"
        },
        {
          "name": "FEDORA-2022-79843dfb3c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"
        },
        {
          "url": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html"
        },
        {
          "name": "GLSA-202305-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-02"
        },
        {
          "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
        },
        {
          "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-20107",
    "datePublished": "2022-04-13T00:00:00.000Z",
    "dateReserved": "2022-04-13T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:43:59.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

OPENSUSE-SU-2024:12150-1

CVE-2021-3572 (GCVE-0-2021-3572)

CVE-2022-25236 (GCVE-0-2022-25236)

CVE-2015-20107 (GCVE-0-2015-20107)

Tags

Sightings

Nomenclature