[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2015-20107":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":52,"aliases":62,"duplicate_of":9,"upstream":63,"downstream":64,"duplicates":129,"related":130,"reserved_at":9,"published_at":148,"modified_at":149,"state":150,"summary":151,"references_raw":159,"kevs":286,"epss":287,"epss_history":290,"metrics":550,"affected":560},"CVE-2015-20107","In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-77","Improper Neutralization of Special Elements used in a Command ('Command Injection')","The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","weakness","Draft","Class","High",[20,24,28,32,36,40,44,48],{"id":21,"name":22,"techniques":23},"CAPEC-136","LDAP Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-183","IMAP/SMTP Command Injection",[],{"id":33,"name":34,"techniques":35},"CAPEC-248","Command Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-40","Manipulating Writeable Terminal Devices",[],{"id":41,"name":42,"techniques":43},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":45,"name":46,"techniques":47},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":49,"name":50,"techniques":51},"CAPEC-76","Manipulating Web Input to File System Calls",[],[53],{"_key":54,"name":55,"source":56,"url":57,"maturity":58,"reliability_score":59,"verified":60,"type":9,"platforms":61,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_E176583DA9404D5A","Exploit Reference (bugs.python.org)","reference","https://bugs.python.org/issue24778","unknown",0.2,false,[],[],[],[65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127],{"_key":66},"ALPINE-CVE-2015-20107",{"_key":68},"RHSA-2022:6766",{"_key":70},"RHSA-2022:7581",{"_key":72},"RHSA-2022:7592",{"_key":74},"RHSA-2022:7593",{"_key":76},"RHSA-2022:8353",{"_key":78},"SUSE-SU-2023:0707-1",{"_key":80},"SUSE-SU-2022:2147-1",{"_key":82},"SUSE-SU-2022:2166-1",{"_key":84},"SUSE-SU-2022:2248-1",{"_key":86},"SUSE-SU-2022:2249-1",{"_key":88},"SUSE-SU-2022:2351-1",{"_key":90},"SUSE-SU-2022:2174-1",{"_key":92},"SUSE-SU-2022:2291-1",{"_key":94},"SUSE-SU-2022:2344-1",{"_key":96},"SUSE-SU-2022:2357-1",{"_key":98},"SUSE-SU-2022:2357-2",{"_key":100},"SUSE-SU-2023:0748-1",{"_key":102},"OPENSUSE-SU-2024:12143-1",{"_key":104},"OPENSUSE-SU-2024:12150-1",{"_key":106},"OPENSUSE-SU-2024:12152-1",{"_key":108},"DLA-3432-1",{"_key":110},"DLA-3477-1",{"_key":112},"DLA-3980-1",{"_key":114},"RHSA-2022:6457",{"_key":116},"MGASA-2022-0359",{"_key":118},"MGASA-2022-0367",{"_key":120},"UBUNTU-CVE-2015-20107",{"_key":122},"USN-5888-1",{"_key":124},"DEBIAN-CVE-2015-20107",{"_key":126},"USN-5519-1",{"_key":128},"USN-6891-1",[],[131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147],{"_key":78},{"_key":80},{"_key":82},{"_key":84},{"_key":86},{"_key":88},{"_key":90},{"_key":92},{"_key":94},{"_key":96},{"_key":98},{"_key":100},{"_key":102},{"_key":104},{"_key":106},{"_key":116},{"_key":118},"2022-04-13T00:00:00.000Z","2025-11-03T21:43:59.756Z","Modified",{"cisa_kev":60,"cisa_ransomware":60,"cisa_vendor":9,"epss_severity":152,"epss_score":153,"severity":154,"severity_score":155,"severity_version":156,"severity_source":157,"severity_vector":158,"severity_status":150},"low",0.0087,"high",8,"v2.0","nvd","AV:N/AC:L/Au:S/C:P/I:C/A:P",[160,167,172,176,180,184,188,192,196,200,204,208,212,216,220,224,228,232,236,240,244,248,252,256,260,264,269,273,278,282],{"url":57,"sources":161,"tags":163},[162,157],"cve.org",[164,165,166],"Exploit","Issue Tracking","Vendor Advisory",{"url":168,"sources":169,"tags":170},"https://github.com/python/cpython/issues/68966",[162,157],[165,171],"Third Party Advisory",{"url":173,"sources":174,"tags":175},"https://security.netapp.com/advisory/ntap-20220616-0001/",[162,157],[171],{"url":177,"sources":178,"tags":179},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/",[162,157],[166],{"url":181,"sources":182,"tags":183},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/",[162,157],[166],{"url":185,"sources":186,"tags":187},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/",[162,157],[166],{"url":189,"sources":190,"tags":191},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/",[162,157],[166],{"url":193,"sources":194,"tags":195},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/",[162,157],[166],{"url":197,"sources":198,"tags":199},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/",[162,157],[166],{"url":201,"sources":202,"tags":203},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/",[162,157],[166],{"url":205,"sources":206,"tags":207},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/",[162,157],[166],{"url":209,"sources":210,"tags":211},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/",[162,157],[166],{"url":213,"sources":214,"tags":215},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/",[162,157],[166],{"url":217,"sources":218,"tags":219},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/",[162,157],[166],{"url":221,"sources":222,"tags":223},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/",[162,157],[166],{"url":225,"sources":226,"tags":227},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/",[162,157],[166],{"url":229,"sources":230,"tags":231},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/",[162,157],[166],{"url":233,"sources":234,"tags":235},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/",[162,157],[166],{"url":237,"sources":238,"tags":239},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/",[162,157],[166],{"url":241,"sources":242,"tags":243},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/",[162,157],[166],{"url":245,"sources":246,"tags":247},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/",[162,157],[166],{"url":249,"sources":250,"tags":251},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/",[162,157],[166],{"url":253,"sources":254,"tags":255},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/",[162,157],[166],{"url":257,"sources":258,"tags":259},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/",[162,157],[166],{"url":261,"sources":262,"tags":263},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/",[162,157],[166],{"url":265,"sources":266,"tags":267},"https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html",[162,157],[268,171],"Patch",{"url":270,"sources":271,"tags":272},"https://security.gentoo.org/glsa/202305-02",[162,157],[166],{"url":274,"sources":275,"tags":276},"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",[162,157],[277],"Mailing List",{"url":279,"sources":280,"tags":281},"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html",[162,157],[277],{"url":283,"sources":284,"tags":285},"https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html",[162,157],[],[],{"date":288,"score":153,"percentile":289},"2026-06-04",0.75544,[291,295,298,301,303,305,308,310,313,316,319,322,325,328,330,333,336,339,342,345,348,350,353,356,359,362,364,366,369,372,374,377,379,381,384,387,390,393,396,399,402,405,408,411,414,418,421,424,427,429,432,435,438,442,446,449,452,455,458,461,464,466,469,471,474,477,480,483,487,490,493,495,498,501,504,507,511,514,517,520,524,527,530,533,535,537,540,542,545,547],{"date":292,"score":293,"percentile":294},"2025-11-04",0.00803,0.73356,{"date":296,"score":293,"percentile":297},"2025-11-05",0.73341,{"date":299,"score":293,"percentile":300},"2025-11-06",0.73338,{"date":302,"score":293,"percentile":294},"2025-11-07",{"date":304,"score":293,"percentile":294},"2025-11-08",{"date":306,"score":293,"percentile":307},"2025-11-09",0.7335,{"date":309,"score":293,"percentile":300},"2025-11-10",{"date":311,"score":293,"percentile":312},"2025-11-11",0.73344,{"date":314,"score":293,"percentile":315},"2025-11-12",0.73363,{"date":317,"score":293,"percentile":318},"2025-11-13",0.73371,{"date":320,"score":293,"percentile":321},"2025-11-14",0.73377,{"date":323,"score":293,"percentile":324},"2025-11-15",0.73374,{"date":326,"score":293,"percentile":327},"2025-11-16",0.73369,{"date":329,"score":293,"percentile":315},"2025-11-17",{"date":331,"score":293,"percentile":332},"2025-11-18",0.71974,{"date":334,"score":293,"percentile":335},"2025-11-19",0.71982,{"date":337,"score":293,"percentile":338},"2025-11-20",0.71989,{"date":340,"score":293,"percentile":341},"2025-11-21",0.73379,{"date":343,"score":293,"percentile":344},"2025-11-22",0.73372,{"date":346,"score":293,"percentile":347},"2025-11-23",0.73357,{"date":349,"score":293,"percentile":307},"2025-11-24",{"date":351,"score":293,"percentile":352},"2025-11-25",0.73353,{"date":354,"score":293,"percentile":355},"2025-11-26",0.73358,{"date":357,"score":293,"percentile":358},"2025-11-27",0.7336,{"date":360,"score":293,"percentile":361},"2025-11-28",0.73354,{"date":363,"score":293,"percentile":312},"2025-11-29",{"date":365,"score":293,"percentile":300},"2025-11-30",{"date":367,"score":293,"percentile":368},"2025-12-01",0.73473,{"date":370,"score":293,"percentile":371},"2025-12-02",0.73479,{"date":373,"score":293,"percentile":371},"2025-12-03",{"date":375,"score":293,"percentile":376},"2025-12-04",0.73348,{"date":378,"score":293,"percentile":347},"2025-12-05",{"date":380,"score":293,"percentile":347},"2025-12-06",{"date":382,"score":293,"percentile":383},"2025-12-07",0.73359,{"date":385,"score":293,"percentile":386},"2025-12-08",0.73364,{"date":388,"score":293,"percentile":389},"2025-12-09",0.73391,{"date":391,"score":293,"percentile":392},"2025-12-10",0.73423,{"date":394,"score":293,"percentile":395},"2025-12-11",0.7344,{"date":397,"score":293,"percentile":398},"2025-12-12",0.73463,{"date":400,"score":293,"percentile":401},"2025-12-13",0.73467,{"date":403,"score":293,"percentile":404},"2025-12-14",0.73468,{"date":406,"score":293,"percentile":407},"2025-12-15",0.73472,{"date":409,"score":293,"percentile":410},"2025-12-16",0.73481,{"date":412,"score":293,"percentile":413},"2025-12-17",0.73492,{"date":415,"score":416,"percentile":417},"2025-12-18",0.00896,0.75029,{"date":419,"score":416,"percentile":420},"2025-12-19",0.75045,{"date":422,"score":416,"percentile":423},"2025-12-20",0.75041,{"date":425,"score":416,"percentile":426},"2025-12-21",0.75035,{"date":428,"score":416,"percentile":426},"2025-12-22",{"date":430,"score":416,"percentile":431},"2025-12-23",0.7503,{"date":433,"score":416,"percentile":434},"2025-12-24",0.75039,{"date":436,"score":416,"percentile":437},"2025-12-25",0.75065,{"date":439,"score":440,"percentile":441},"2025-12-26",0.00872,0.74673,{"date":443,"score":444,"percentile":445},"2025-12-27",0.01004,0.76554,{"date":447,"score":440,"percentile":448},"2025-12-28",0.74654,{"date":450,"score":440,"percentile":451},"2025-12-29",0.74652,{"date":453,"score":440,"percentile":454},"2025-12-30",0.74666,{"date":456,"score":440,"percentile":457},"2025-12-31",0.74693,{"date":459,"score":440,"percentile":460},"2026-01-01",0.74837,{"date":462,"score":440,"percentile":463},"2026-01-02",0.74838,{"date":465,"score":440,"percentile":463},"2026-01-03",{"date":467,"score":440,"percentile":468},"2026-01-04",0.74702,{"date":470,"score":440,"percentile":457},"2026-01-05",{"date":472,"score":440,"percentile":473},"2026-01-06",0.74709,{"date":475,"score":440,"percentile":476},"2026-01-07",0.74719,{"date":478,"score":440,"percentile":479},"2026-01-08",0.74734,{"date":481,"score":440,"percentile":482},"2026-01-09",0.74739,{"date":484,"score":485,"percentile":486},"2026-01-10",0.00905,0.75239,{"date":488,"score":485,"percentile":489},"2026-01-11",0.75227,{"date":491,"score":485,"percentile":492},"2026-01-12",0.75213,{"date":494,"score":485,"percentile":492},"2026-01-13",{"date":496,"score":485,"percentile":497},"2026-01-14",0.7524,{"date":499,"score":485,"percentile":500},"2026-01-15",0.75247,{"date":502,"score":485,"percentile":503},"2026-01-16",0.7526,{"date":505,"score":485,"percentile":506},"2026-01-17",0.75261,{"date":508,"score":509,"percentile":510},"2026-01-18",0.00675,0.70912,{"date":512,"score":509,"percentile":513},"2026-01-19",0.70905,{"date":515,"score":509,"percentile":516},"2026-01-20",0.70914,{"date":518,"score":509,"percentile":519},"2026-01-21",0.70917,{"date":521,"score":522,"percentile":523},"2026-01-22",0.0093,0.75621,{"date":525,"score":522,"percentile":526},"2026-01-23",0.75647,{"date":528,"score":522,"percentile":529},"2026-01-24",0.75653,{"date":531,"score":522,"percentile":532},"2026-01-25",0.7564,{"date":534,"score":522,"percentile":532},"2026-01-26",{"date":536,"score":522,"percentile":532},"2026-01-27",{"date":538,"score":522,"percentile":539},"2026-01-28",0.7565,{"date":541,"score":522,"percentile":526},"2026-01-29",{"date":543,"score":522,"percentile":544},"2026-01-30",0.75652,{"date":546,"score":522,"percentile":544},"2026-01-31",{"date":548,"score":522,"percentile":549},"2026-02-01",0.75776,[551],{"source":157,"cvss_v2_0":552,"cvss_v3_0":9,"cvss_v3_1":554,"cvss_v4_0":9},{"baseScore":155,"baseSeverity":9,"vectorString":158,"impactScore":553,"exploitabilityScore":155},8.5,{"baseScore":555,"baseSeverity":556,"vectorString":557,"impactScore":558,"exploitabilityScore":559},7.6,"HIGH","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",7.8,7.2,[561,573,581,586,590],{"ecosystem":9,"name":562,"vendor":563,"product":562,"cpe_part":564,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":565},"fedora","fedoraproject","o",[566,569,571],{"version":567,"is_range":60,"range_type":568,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35","cpe",{"version":570,"is_range":60,"range_type":568,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"36",{"version":572,"is_range":60,"range_type":568,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"37",{"ecosystem":9,"name":574,"vendor":575,"product":576,"cpe_part":577,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":578},"active iq unified manager","netapp","active_iq_unified_manager","a",[579],{"version":580,"is_range":60,"range_type":568,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":582,"vendor":575,"product":583,"cpe_part":577,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":584},"ontap select deploy administration utility","ontap_select_deploy_administration_utility",[585],{"version":580,"is_range":60,"range_type":568,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":587,"vendor":575,"product":587,"cpe_part":577,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":588},"snapcenter",[589],{"version":580,"is_range":60,"range_type":568,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":591,"vendor":591,"product":591,"cpe_part":577,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":592},"python",[593,599,603,607],{"version":594,"is_range":595,"range_type":568,"version_start":596,"version_start_type":597,"version_end":598,"version_end_type":597,"fixed_in":9},"gte3.7.0_lte3.7.15",true,"3.7.0","including","3.7.15",{"version":600,"is_range":595,"range_type":568,"version_start":601,"version_start_type":597,"version_end":602,"version_end_type":597,"fixed_in":9},"gte3.8.0_lte3.8.15","3.8.0","3.8.15",{"version":604,"is_range":595,"range_type":568,"version_start":605,"version_start_type":597,"version_end":606,"version_end_type":597,"fixed_in":9},"gte3.9.0_lte3.9.15","3.9.0","3.9.15",{"version":608,"is_range":595,"range_type":568,"version_start":609,"version_start_type":597,"version_end":610,"version_end_type":611,"fixed_in":9},"gte3.10.0_lt3.10.8","3.10.0","3.10.8","excluding"]