CVE-2020-8315

Name of the Vulnerable Software and Affected Versions Python (CPython) versions 3.6 through 3.6.10 Python (CPython) versions 3.7 through 3.7.6 Python (CPython) versions 3.8 through 3.8.1

Description An insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. This issue does not affect Windows 8 and later.

Recommendations For versions 3.6 through 3.6.10, consider updating to a version outside of this range to mitigate the risk. For versions 3.7 through 3.7.6, consider updating to a version outside of this range to mitigate the risk. For versions 3.8 through 3.8.1, consider updating to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting the use of the api-ms-win-core-path-l1-1-0.dll library on Windows 7 systems until a patch is available.