CVE-2020-27619critical
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
References
https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8
https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9
https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33
https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b
https://bugs.python.org/issue41944
https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794
https://security.netapp.com/advisory/ntap-20201123-0004/
https://lists.apache.org/thread.html/[email protected]%3Cdev.mina.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E
Details
Source: MITRE
Published: 2020-10-22
Updated: 2021-06-29
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
CVSS v3
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions from 3.0.0 to 3.6.12 (inclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions from 3.7.0 to 3.7.9 (inclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions from 3.8.0 to 3.8.6 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 152781 | RHEL 7 : rh-python38 (RHSA-2021:3254) | Nessus | Red Hat Local Security Checks | critical |
| 152778 | RHEL 7 : python27 (RHSA-2021:3252) | Nessus | Red Hat Local Security Checks | critical |
| 151380 | EulerOS Virtualization 3.0.2.2 : python (EulerOS-SA-2021-2159) | Nessus | Huawei Local Security Checks | critical |
| 151340 | EulerOS Virtualization for ARM 64 3.0.2.0 : python (EulerOS-SA-2021-2096) | Nessus | Huawei Local Security Checks | critical |
| 149959 | Oracle Linux 8 : python3 (ELSA-2021-1633) | Nessus | Oracle Linux Local Security Checks | critical |
| 149729 | CentOS 8 : python3 (CESA-2021:1633) | Nessus | CentOS Local Security Checks | critical |
| 149712 | RHEL 8 : python3 (RHSA-2021:1633) | Nessus | Red Hat Local Security Checks | critical |
| 149535 | SUSE SLES12 Security Update : python3 (SUSE-SU-2021:1621-1) | Nessus | SuSE Local Security Checks | critical |
| 148008 | Ubuntu 18.04 LTS / 20.04 LTS : Python vulnerabilities (USN-4754-3) | Nessus | Ubuntu Local Security Checks | critical |
| 147997 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Python vulnerabilities (USN-4754-1) | Nessus | Ubuntu Local Security Checks | critical |
| 147696 | EulerOS Virtualization 2.9.0 : python3 (EulerOS-SA-2021-1649) | Nessus | Huawei Local Security Checks | critical |
| 147485 | EulerOS Virtualization 2.9.1 : python3 (EulerOS-SA-2021-1623) | Nessus | Huawei Local Security Checks | critical |
| 147120 | EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2021-1560) | Nessus | Huawei Local Security Checks | critical |
| 147105 | EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2021-1512) | Nessus | Huawei Local Security Checks | critical |
| 147031 | EulerOS Virtualization for ARM 64 3.0.6.0 : python2 (EulerOS-SA-2021-1543) | Nessus | Huawei Local Security Checks | critical |
| 146714 | EulerOS 2.0 SP2 : python (EulerOS-SA-2021-1350) | Nessus | Huawei Local Security Checks | critical |
| 146127 | EulerOS 2.0 SP5 : python (EulerOS-SA-2021-1226) | Nessus | Huawei Local Security Checks | critical |
| 145389 | openSUSE Security Update : python3 (openSUSE-2020-2333) | Nessus | SuSE Local Security Checks | critical |
| 145326 | openSUSE Security Update : python3 (openSUSE-2020-2332) | Nessus | SuSE Local Security Checks | critical |
| 145144 | EulerOS 2.0 SP3 : python (EulerOS-SA-2021-1114) | Nessus | Huawei Local Security Checks | critical |
| 144586 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1) | Nessus | SuSE Local Security Checks | critical |
| 144443 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3865-1) | Nessus | SuSE Local Security Checks | critical |
| 144142 | EulerOS 2.0 SP8 : python2 (EulerOS-SA-2020-2527) | Nessus | Huawei Local Security Checks | critical |
| 144139 | EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-2528) | Nessus | Huawei Local Security Checks | critical |
| 143417 | EulerOS 2.0 SP9 : python3 (EulerOS-SA-2020-2502) | Nessus | Huawei Local Security Checks | critical |
| 143396 | EulerOS 2.0 SP9 : python3 (EulerOS-SA-2020-2489) | Nessus | Huawei Local Security Checks | critical |
| 143064 | Photon OS 1.0: Python3 PHSA-2020-1.0-0338 | Nessus | PhotonOS Local Security Checks | critical |
| 142987 | Photon OS 2.0: Python3 PHSA-2020-2.0-0295 | Nessus | PhotonOS Local Security Checks | critical |
| 142654 | Photon OS 3.0: Python3 PHSA-2020-3.0-0161 | Nessus | PhotonOS Local Security Checks | critical |