← back
CVE-2020-15801

CVE-2020-15801

EPSS 3.1%
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugs.python.org/issue41304https://github.com/python/cpython/pull/21495https://security.netapp.com/advisory/ntap-20200731-0003/