PT-2009-1458 · Python (+1)

Author: Jan Lieskovsky · Published 2009-01-28 · Updated 2022-07-05 · CVE-2008-5983

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Python versions 2.6 and earlier

Description: Untrusted search path vulnerability in the PySys_SetArgv API function. When the argv[0] argument does not contain a path separator, an empty string is prepended to sys.path. This might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

Recommendations: For Python versions 2.6 and earlier, update to a version where this issue is resolved, or, as a temporary workaround, restrict the execution of Python files from untrusted sources in the current working directory to minimize the risk of exploitation.
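As an added illustration that is not part of this advisory: a small Python module that models the sys.path entry the affected PySys_SetArgv derives from argv[0], flags entries that make imports depend on the current working directory, and strips them from a live interpreter (the function names and the sample path list are the example's own).

```python
import os
import sys

# '' and '.' both mean "the current working directory at import time".
CWD_ALIASES = ("", ".")


def argv0_path_entry(argv0):
    """Mirror what the affected PySys_SetArgv derived from argv[0]:
    the directory part of the program name. With no path separator the
    result is '', and that is the entry that ends up at sys.path[0]."""
    return os.path.dirname(argv0)


def unsafe_entries(path_entries):
    """Return the sys.path entries that make module lookup depend on the
    current working directory: the empty string, '.', and any relative path."""
    return [e for e in path_entries if e in CWD_ALIASES or not os.path.isabs(e)]


def hardened_path(path_entries):
    """Return a copy of path_entries with the cwd-dependent entries removed
    (a workaround for an embedding application that cannot upgrade yet)."""
    flagged = set(unsafe_entries(path_entries))
    return [e for e in path_entries if e not in flagged]


def apply_hardening():
    """Drop cwd-dependent entries from the live sys.path; return what was removed."""
    removed = unsafe_entries(sys.path)
    sys.path[:] = hardened_path(sys.path)
    return removed


if __name__ == "__main__":
    # Constructed sys.path as the vulnerable call would leave it when
    # argv[0] is a bare program name such as "app".
    sample = [argv0_path_entry("app"), "/usr/lib/python2.6",
              "/usr/lib/python2.6/site-packages"]
    print("unsafe:", unsafe_entries(sample))    # unsafe: ['']
    print("hardened:", hardened_path(sample))
```

Call apply_hardening() as early as possible in an embedding application, before any import that an attacker-controlled working directory could satisfy.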

Weakness Enumeration

Untrusted Search Path

Related Identifiers

CVE-2008-5983
RHSA-2011:0027

Affected Products

Python
Red Hat