CVE-2023-26604

CVE Details

CVE-2023-26604

Last Update

08/16/2024

NIST CVE Summary

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

Our Official Summary

Spectro Cloud Official Summary Coming Soon

CVE Severity

7.8

Status

Ongoing

Affected Products & Versions

Palette VerteX 4.4.14, 4.4.18
Palette Enterprise 4.4.18

Revision History

1.0 08/16/2024 Initial Publication
2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products

CVE Details​

Last Update​

NIST CVE Summary​

Our Official Summary​

CVE Severity​

Status​

Affected Products & Versions​

Revision History​