Home

CVE-2020-27619

Description

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.854

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2020-15523,CVE-2020-27619 are affected in Python 3.9.0Windows
Vulnerabilities CVE-2020-15523,CVE-2020-27619,CVE-2021-3733,CVE-2022-48560 are affected in Python 3.9.0Windows
Vulnerabilities CVE-2020-27619,CVE-2022-48564,CVE-2022-48565,CVE-2022-48566 are affected in Python 3.9.0-rc2Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.7Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.0Windows
SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-3.6.12-4.25.1.x86_64.rpmLinux
SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-debuginfo-3.6.12-4.25.1.x86_64.rpmLinux
SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) python36-3.6.12-4.25.1.x86_64.rpmLinux
SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-3.6.12-4.25.1.x86_64.rpmLinux
SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-debuginfo-3.6.12-4.25.1.x86_64.rpmLinux
SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) python36-debuginfo-3.6.12-4.25.1.x86_64.rpmLinux
SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) python36-debugsource-3.6.12-4.25.1.x86_64.rpmLinux
An interactive high-level object-oriented language (USN-4754-3) python2.7_2.7.18-1~20.04.1_i386.debLinux
An interactive high-level object-oriented language (USN-4754-3) python2.7_2.7.18-1~20.04.1_amd64.debLinux
An interactive high-level object-oriented language (USN-4754-3) python3.7_3.7.5-2~18.04.4_i386.debLinux
An interactive high-level object-oriented language (USN-4754-3) python3.7_3.7.5-2~18.04.4_amd64.debLinux
An interactive high-level object-oriented language (USN-4754-3) python3.8_3.8.0-3~18.04.1_i386.debLinux
An interactive high-level object-oriented language (USN-4754-3) python3.8_3.8.0-3~18.04.1_amd64.debLinux
An interactive high-level object-oriented language (USN-4754-3) python2.7-minimal_2.7.18-1~20.04.1_i386.debLinux
An interactive high-level object-oriented language (USN-4754-3) python2.7-minimal_2.7.18-1~20.04.1_amd64.debLinux
An interactive high-level object-oriented language (USN-4754-3) python3.7-minimal_3.7.5-2~18.04.4_i386.debLinux
An interactive high-level object-oriented language (USN-4754-3) python3.7-minimal_3.7.5-2~18.04.4_amd64.debLinux
An interactive high-level object-oriented language (USN-4754-3) python3.8-minimal_3.8.0-3~18.04.1_i386.debLinux
An interactive high-level object-oriented language (USN-4754-3) python3.8-minimal_3.8.0-3~18.04.1_amd64.debLinux
(RHSA-2021:1633) python3 security update platform-python-3.6.8-37.el8.i686.rpmLinux
(RHSA-2021:1633) python3 security update platform-python-3.6.8-37.el8.x86_64.rpmLinux
(RHSA-2021:1633) python3 security update platform-python-debug-3.6.8-37.el8.i686.rpmLinux
(RHSA-2021:1633) python3 security update platform-python-debug-3.6.8-37.el8.x86_64.rpmLinux
(RHSA-2021:1633) python3 security update platform-python-devel-3.6.8-37.el8.i686.rpmLinux
(RHSA-2021:1633) python3 security update platform-python-devel-3.6.8-37.el8.x86_64.rpmLinux
(RHSA-2021:1633) python3 security update python3-debugsource-3.6.8-37.el8.i686.rpmLinux
(RHSA-2021:1633) python3 security update python3-debugsource-3.6.8-37.el8.x86_64.rpmLinux
(RHSA-2021:1633) python3 security update python3-idle-3.6.8-37.el8.i686.rpmLinux
(RHSA-2021:1633) python3 security update python3-idle-3.6.8-37.el8.x86_64.rpmLinux
(RHSA-2021:1633) python3 security update python3-libs-3.6.8-37.el8.i686.rpmLinux
(RHSA-2021:1633) python3 security update python3-libs-3.6.8-37.el8.x86_64.rpmLinux
(RHSA-2021:1633) python3 security update python3-test-3.6.8-37.el8.i686.rpmLinux
(RHSA-2021:1633) python3 security update python3-test-3.6.8-37.el8.x86_64.rpmLinux
(RHSA-2021:1633) python3 security update python3-tkinter-3.6.8-37.el8.i686.rpmLinux
(RHSA-2021:1633) python3 security update python3-tkinter-3.6.8-37.el8.x86_64.rpmLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_i386.debLinux
CVE-2020-27619NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234