Description

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

Remediation

References

CVE-2020-15801

Related Vulnerabilities

WordPress Plugin Team Showcase Multiple Vulnerabilities (1.22.15)

WordPress Plugin YITH WooCommerce Bulk Product Editing Security Bypass (1.2.13)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3050)

WordPress Plugin SlickQuiz Multiple Vulnerabilities (1.3.7.1)

WordPress Plugin HUSKY-Products Filter Professional for WooCommerce Multiple Vulnerabilities (1.1.9)

Severity

Critical

Classification

CVE-2020-15801 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities