In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
https://bugs.python.org/issue41944
https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8
https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9
https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33
https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794
https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b
https://lists.apache.org/thread.html/[email protected]%3Cdev.mina.apache.org%3E
Source: MITRE
Published: 2020-10-22
Updated: 2021-03-15
Type: NVD-CWE-noinfo
CVSS v2
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
CVSS v3.1
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
OR
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions from 3.0.0 to 3.6.12 (inclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions from 3.7.0 to 3.7.9 (inclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions from 3.8.0 to 3.8.6 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
148008 | Ubuntu 18.04 LTS / 20.04 LTS : Python vulnerabilities (USN-4754-3) | Nessus | Ubuntu Local Security Checks | high |
147997 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Python vulnerabilities (USN-4754-1) | Nessus | Ubuntu Local Security Checks | high |
147696 | EulerOS Virtualization 2.9.0 : python3 (EulerOS-SA-2021-1649) | Nessus | Huawei Local Security Checks | high |
147485 | EulerOS Virtualization 2.9.1 : python3 (EulerOS-SA-2021-1623) | Nessus | Huawei Local Security Checks | high |
147120 | EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2021-1560) | Nessus | Huawei Local Security Checks | high |
147105 | EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2021-1512) | Nessus | Huawei Local Security Checks | high |
147031 | EulerOS Virtualization for ARM 64 3.0.6.0 : python2 (EulerOS-SA-2021-1543) | Nessus | Huawei Local Security Checks | high |
146714 | EulerOS 2.0 SP2 : python (EulerOS-SA-2021-1350) | Nessus | Huawei Local Security Checks | high |
146127 | EulerOS 2.0 SP5 : python (EulerOS-SA-2021-1226) | Nessus | Huawei Local Security Checks | high |
145389 | openSUSE Security Update : python3 (openSUSE-2020-2333) | Nessus | SuSE Local Security Checks | high |
145326 | openSUSE Security Update : python3 (openSUSE-2020-2332) | Nessus | SuSE Local Security Checks | high |
145144 | EulerOS 2.0 SP3 : python (EulerOS-SA-2021-1114) | Nessus | Huawei Local Security Checks | high |
144586 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1) | Nessus | SuSE Local Security Checks | high |
144443 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3865-1) | Nessus | SuSE Local Security Checks | high |
144142 | EulerOS 2.0 SP8 : python2 (EulerOS-SA-2020-2527) | Nessus | Huawei Local Security Checks | high |
144139 | EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-2528) | Nessus | Huawei Local Security Checks | high |
143417 | EulerOS 2.0 SP9 : python3 (EulerOS-SA-2020-2502) | Nessus | Huawei Local Security Checks | high |
143396 | EulerOS 2.0 SP9 : python3 (EulerOS-SA-2020-2489) | Nessus | Huawei Local Security Checks | high |
143064 | Photon OS 1.0: Python3 PHSA-2020-1.0-0338 | Nessus | PhotonOS Local Security Checks | high |
142987 | Photon OS 2.0: Python3 PHSA-2020-2.0-0295 | Nessus | PhotonOS Local Security Checks | high |
142654 | Photon OS 3.0: Python3 PHSA-2020-3.0-0161 | Nessus | PhotonOS Local Security Checks | high |