CVE-2020-27619
moderate-risk
Published 2020-10-22
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
Do I need to act?
- 0.63% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Fix available
Upgrade to: aa73e1722eb9835dc99fd8983885a141112ee4ab, 9b2dd1fc6c9913dbeee623e724b6baa598038f97, 6503f05dd59e26a9986bdea097b3da9b3546f45b, 1e5d33e9b9b8631b36f061103a30208b206fd03a, 2ef5caa58febc8968e670e39e3d37cf8eef3cab8, 43e523103886af66d6c27cd72431b5d9d14cd2a9, 6c6c256df3636ff6f6136820afaefa5a10a3ac33, b664a1df4ee71d3760ab937653b10997081b1794, e912e945f2960029d039d3390ea08835ad39374b
CVSS 9.8/10 · Critical
NETWORK / LOW complexity
Affected Products (4)
Affected Vendors
References (28)
Issue Tracking
https://bugs.python.org/issue41944
Third Party Advisory
https://security.netapp.com/advisory/ntap-20201123-0004/
44 / 100 · moderate-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
10/34 · Low