bug

[zhangxueping-zxp]

Bug report

Python command injection vulnerability (CVE-2015-2007)

Python version 3.10.4 and earlier has a security vulnerability, which is due to the mailcap module not adding escape characters to the commands found in the system mailcap file

Your environment

Python 3.7.9

• CPython versions tested on:
• Operating system and architecture:
  windows and linux

[JelleZijlstra]

Your CVE link is wrong but I think this is a duplicate of #68966.

[zhangxueping-zxp]

This is the result of vulnerability scanning. Do you have any fixes for the old version

[JelleZijlstra]

#93543 fixed it for 3.10

[zhangxueping-zxp]

Hello, I know that 3.10 has been fixed, but I don't update the version. I still use python 3.7.9. Is there any way

[ericvsmith]

It was backported to 3.7 in #98191. That was in October 2022, and 3.7's last binary installer release was 3.7.9, released on 2020-08-17. You can either build a newer version from source yourself, or get a binary release from a third party.

[JelleZijlstra]

Or upgrade to a newer version, which is a good idea anyway as 3.7 will stop receiving security fixes in a few months.