Description

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

Remediation

References

CVE-2020-15801

Related Vulnerabilities

WordPress Plugin Post PDF Export Local File Inclusion (1.0.1)

WordPress Plugin Product Addons & Fields for WooCommerce Same Origin Method Execution (SOME) (14.0)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-10705)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-6677)

WordPress Plugin MainWP Dashboard Unspecified Vulnerability (2.0.22)

Severity

Critical

Classification

CVE-2020-15801 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities