PT-2020-6992 · Python+1

Published 2020-07-15 · Updated 2025-11-07 · CVE-2020-15801

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Python version 3.8.4

Description

The issue concerns the python38._pth file: sys.path restrictions specified in that file are ignored, allowing code to be loaded from arbitrary locations. This could potentially enable a remote attacker to execute arbitrary code.

Recommendations

For Python version 3.8.4, consider restricting access to the python38._pth file to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the python38._pth file for specifying sys.path restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
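
A defender-side check for the condition described above, as an added example that is not part of the original entry or of CPython: it parses the text of a `._pth` file and reports `sys.path` entries that the file does not list. The function names, sample file text and paths are constructed for illustration; the parsing rules (one path per line, `#` comments, an optional `import site` line, relative paths resolved against the file's directory) follow CPython's documented `._pth` format.

```python
import os

# Constructed sample data (not taken from a real installation).
BASE = os.path.abspath(os.path.join(os.sep, "opt", "embed"))
UNLISTED = os.path.join(os.sep, "tmp", "unlisted")
SAMPLE_PTH = "python38.zip\n.\n\n# Uncomment to run site.main() automatically\n#import site\n"
SAMPLE_SYS_PATH = [os.path.join(BASE, "python38.zip"), BASE, UNLISTED, ""]


def norm(path):
    """Normalise a path so equal locations compare equal."""
    return os.path.normcase(os.path.abspath(path))


def parse_pth(text, base_dir):
    """Return (allowed_paths, site_enabled) for the text of a ._pth file."""
    allowed, site_enabled = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no path
        if line == "import site":
            site_enabled = True  # site may then append site-packages entries
            continue
        # Entries are absolute or relative to the directory holding the file.
        allowed.append(norm(os.path.join(base_dir, line)))
    return allowed, site_enabled


def unexpected_entries(sys_path, pth_text, base_dir):
    """List sys.path entries that the ._pth file does not authorise."""
    allowed, _ = parse_pth(pth_text, base_dir)
    allowed_set = set(allowed)
    flagged = []
    for entry in sys_path:
        # An empty entry means "current directory" and is never listed in a ._pth file.
        if entry == "" or norm(entry) not in allowed_set:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in unexpected_entries(SAMPLE_SYS_PATH, SAMPLE_PTH, BASE):
        print("not authorised by ._pth:", repr(entry))
```

To audit a real interpreter, pass its own `sys.path`, the contents of its `._pth` file and that file's directory; when the file enables `import site`, entries added by the site module will also be reported and need to be reviewed separately.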

Weakness Enumeration

Untrusted Search Path

Related Identifiers

BDU:2024-09146
BIT-LIBPYTHON-2020-15801
BIT-PYTHON-2020-15801
BIT-PYTHON-MIN-2020-15801
CVE-2020-15801
OPENSUSE-SU-2024:11283-1
OPENSUSE-SU-2024:11286-1
OPENSUSE-SU-2024:12089-1
OPENSUSE-SU-2024:12910-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2025:15713-1
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
SUSE-SU-2025:20025-1
SUSE-SU-2025:20154-1
SUSE-SU-2025:20492-1

Affected Products

Python
Red Os