
Debian 10 Buster DLA-3432-1 Moderate: Python2.7 Command Injection

Debian LTS advisory, published May 24, 2023
Several vulnerabilities in Python could lead to command injection, denial of service, HTTP request smuggling, and unauthorized port scanning.
Multiple security issues were discovered in Python, an interactive high-level object-oriented language.

Summary

CVE-2015-20107

The mailcap module does not add escape characters to commands
found in the system mailcap file. This may allow attackers to
inject shell commands into applications that call
mailcap.findmatch with untrusted input, if those applications do not
validate user-provided filenames or arguments themselves.
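To make the mailcap issue concrete, the following added example (written for this page, not code from CPython or from the Debian package) simulates the substitution step that findmatch performs: a `%s` slot in a mailcap command template is filled with a caller-supplied filename. The mailcap entry and the filename are constructed for the example; the allow-list regex is an assumption modelled on shlex.quote's notion of "safe" characters, not the exact pattern used upstream.

```python
import re
import shlex

# Constructed mailcap entry for this example (not read from /etc/mailcap).
# "%s" is the slot that findmatch fills with the filename.
MAILCAP_ENTRY = "less %s"

def build_command_unescaped(template: str, filename: str) -> str:
    """Pre-fix behaviour: the filename is pasted into the template verbatim,
    so any shell metacharacters in it become part of the command that is
    later handed to a shell."""
    return template.replace("%s", filename)

# Characters that are harmless when dropped into a shell command line.
# Assumption for this example: same set shlex.quote treats as safe.
_UNSAFE = re.compile(r"[^\w@%+=:,./-]").search

def filename_is_safe(filename: str) -> bool:
    """True if the filename contains no character a shell could interpret."""
    return _UNSAFE(filename) is None

def build_command_safe(template: str, filename: str) -> str:
    """Hardened version: refuse filenames carrying shell metacharacters and
    shell-quote the value before it is substituted into the template."""
    if not filename_is_safe(filename):
        raise ValueError(f"refusing to build a shell command from {filename!r}")
    return template.replace("%s", shlex.quote(filename))

if __name__ == "__main__":
    # A filename an attacker controls, e.g. an uploaded attachment name.
    hostile = "notes.txt; id"
    print("unescaped:", build_command_unescaped(MAILCAP_ENTRY, hostile))
    try:
        build_command_safe(MAILCAP_ENTRY, hostile)
    except ValueError as exc:
        print("hardened :", exc)
```

The unescaped builder turns `less %s` and the filename `notes.txt; id` into `less notes.txt; id`, which a shell runs as two commands. The hardened builder rejects it up front; even if the allow-list were relaxed, shlex.quote would wrap the value in single quotes so it stays a single argument. Applications on an unpatched python2.7 should apply the same check before calling findmatch, or avoid passing the result to a shell at all.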

CVE-2019-20907

In Lib/tarfile.py, an attacker is able to craft a TAR archive
leading to an infinite loop when opened by tarfile.open, because
_proc_pax lacks header validation.

CVE-2020-8492

Python allows an HTTP server to conduct Regular Expression Denial
of Service (ReDoS) attacks against a client because of
urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

CVE-2020-26116

http.client allows CRLF injection if the attacker controls the
HTTP request method, as demonstrated by inserting CR and LF
control characters in the first argument of
HTTPConnection.request.
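The request-smuggling angle of the http.client issue is easiest to see on the wire. The added example below (written for this page, not CPython's own http.client code) serialises a request the way a minimal client would and parses it back the way a server's header reader would. Splitting the method on CR/LF lets an attacker smuggle an extra header, or an entire extra request line, into a connection the application thought it controlled. The headers, path and injected method are constructed for the example; the control-character check is an assumption modelled on the kind of validation that closes this class of bug.

```python
import re

# HTTP method tokens may not contain control characters; CR and LF in
# particular would terminate the request line early.
_BAD_METHOD_CHAR = re.compile(r"[\x00-\x1f\x7f]")

def request_line_unchecked(method: str, path: str, version: str = "HTTP/1.1") -> bytes:
    """Pre-fix behaviour: whatever the caller passes as the method is
    written into the request line unchanged."""
    return f"{method} {path} {version}\r\n".encode("latin-1")

def request_line_checked(method: str, path: str, version: str = "HTTP/1.1") -> bytes:
    """Hardened version: reject methods carrying control characters before
    they reach the wire."""
    if _BAD_METHOD_CHAR.search(method):
        raise ValueError(f"method can't contain control characters: {method!r}")
    return request_line_unchecked(method, path, version)

def serialize_request(method: str, path: str, headers: dict, validate: bool) -> bytes:
    """Request line, headers, blank line: what a client sends to the socket."""
    out = request_line_checked(method, path) if validate else request_line_unchecked(method, path)
    for name, value in headers.items():
        out += f"{name}: {value}\r\n".encode("latin-1")
    return out + b"\r\n"

def parse_head_lines(raw: bytes) -> list:
    """What a server's header parser sees: one element per CRLF-delimited
    line up to the blank line that ends the head section."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    return head.split(b"\r\n")

# Constructed attacker-controlled "method": a full request line, an extra
# header, then a token so the real request line still parses.
INJECTED_METHOD = "GET /index.html HTTP/1.1\r\nX-Injected: yes\r\nGET"
HEADERS = {"Host": "example.test"}

if __name__ == "__main__":
    raw = serialize_request(INJECTED_METHOD, "/", HEADERS, validate=False)
    for line in parse_head_lines(raw):
        print(line)
    try:
        serialize_request(INJECTED_METHOD, "/", HEADERS, validate=True)
    except ValueError as exc:
        print("rejected:", exc)
```

Without validation the server sees four head lines instead of two, with `X-Injected: yes` and a second request line in the middle. With validation the request is never sent. The same reasoning applies to any other field the caller controls (path, header names, header values), which is why a client library should validate each of them rather than only the method.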

CVE-2021-3177

Package: python2.7
Version: 2.7.16-2+deb10u2
CVE ID: CVE-2015-20107 CVE-2019-20907 CVE-2020-8492 CVE-2020-26116
Debian Bug: 970099
