发布时间: 2022年5月18日
修改时间: 2024年10月31日
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).
| NVD | openEuler | |
|---|---|---|
| Confidentiality | Low | High |
| Attack Vector | Network | Network |
| CVSS评分 | 7.6 | 9.8 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | None |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | Low | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1458 | python3 security update | 2022年5月18日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | python3 | Fixed |
| KY3.4-5 | python3 | Fixed |
| KY3.5.1 | python3 | Fixed |
