[CVE-2015-20107] Shell injection in mailcap module
CVE-2015-20107 has been assigned for an issue previously reported against the mailcap module.
The mailcap module reads registered commands on Linux systems to determine how to launch certain file types. The Python module does not escape these commands, which may allow an attacker to provide file paths or parameters that include additional shell commands. These may be executed during mailcap.find_match() depending on the system's configuration.
All users of the mailcap module in any version of CPython may be impacted. No patch is currently available, and the module is likely to be deprecated due to lack of an active maintainer. Please visit the issue tracker at the link below to join the discussion if you are able to assist.
To mitigate, applications that use this module should verify user input before passing it to the mailcap module, and the returned command before executing it.
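The following is an added illustration of the problem and of the two mitigations above; it is not code from CPython's mailcap module. The `%s` expansion is a constructed stand-in for the module's own substitution, and the allowlist regex, the mailcap entry and the helper names are assumptions.

```python
import re
import shlex

# Constructed mailcap-style entry used for illustration; not read from a real mailcap file.
MAILCAP_TEMPLATE = "xdg-open %s"

# Assumed allowlist: characters a file path may contain before it is passed to mailcap.
_SAFE_PATH = re.compile(r"^[\w@+=:,./-]+$")

# Characters shlex.shlex(punctuation_chars=True) yields as stand-alone tokens when
# unquoted: shell operators, plus backtick and '$' used for command substitution.
_SHELL_META = set("();<>|&`$")


def naive_substitute(template: str, filename: str) -> str:
    """Stand-in for the unescaped %s expansion behind CVE-2015-20107.

    The filename is spliced into the command verbatim, so any shell
    metacharacters it carries become part of the command line.
    """
    return template.replace("%s", filename)


def is_safe_path(filename: str) -> bool:
    """First mitigation: verify user input before it reaches mailcap."""
    return bool(_SAFE_PATH.match(filename))


def build_command(template: str, filename: str) -> str:
    """Reject unexpected characters, then quote the substituted value."""
    if not is_safe_path(filename):
        raise ValueError(f"refusing path with shell metacharacters: {filename!r}")
    return template.replace("%s", shlex.quote(filename))


def has_shell_operator(command: str) -> bool:
    """Second mitigation: inspect the returned command before executing it.

    Tokenises the command as a POSIX shell would; an unquoted ';', '|', '&',
    redirection or command substitution shows up as a token of its own.
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return any(tok and set(tok) <= _SHELL_META for tok in lexer)


if __name__ == "__main__":
    hostile = "report.pdf; id"
    print(naive_substitute(MAILCAP_TEMPLATE, hostile))   # the ';' survives untouched
    print(has_shell_operator(naive_substitute(MAILCAP_TEMPLATE, hostile)))  # True
    print(build_command(MAILCAP_TEMPLATE, "/tmp/report-1.pdf"))
```

The module itself is not imported, so the example also runs on interpreters where mailcap is no longer shipped.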
Issue: https://github.com/python/cpython/issues/68966
Direct discussions to security-sig@python.org.
Cheers,
Steve Dower
Python Security Response Team