Unrated severityNVD Advisory· Published Jul 17, 2020· Updated Aug 4, 2024
CVE-2020-15801
CVE-2020-15801
Description
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The ._pth file (e.g., the python._pth file) is not affected.
Affected products
13- Python/Pythondescription
- osv-coords12 versionspkg:bitnami/libpythonpkg:bitnami/pythonpkg:bitnami/python-minpkg:rpm/opensuse/python310&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python311&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python312&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python313&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python314&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python315&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python39&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/python311&distro=SUSE%20Linux%20Micro%206.0
>= 3.7.0, < 3.7.9+ 11 more
- (no CPE)range: >= 3.7.0, < 3.7.9
- (no CPE)range: >= 3.7.0, < 3.7.9
- (no CPE)range: >= 3.7.0, < 3.7.9
- (no CPE)range: < 3.10.0rc1-4.2
- (no CPE)range: < 3.11.0b1-1.1
- (no CPE)range: < 3.12.0a7-1.1
- (no CPE)range: < 3.13.0~b3-1.1
- (no CPE)range: < 3.14.0~a1-1.1
- (no CPE)range: < 3.15.0~a1-1.1
- (no CPE)range: < 3.9.7-2.1
- (no CPE)range: < 3.11.8-3.1
- (no CPE)range: < 3.11.8-3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- bugs.python.org/issue41304mitrex_refsource_MISC
- github.com/python/cpython/pull/21495mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20200731-0003/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.