CVE-2020-8315: Critical severity python 2.7 vulnerability

Q: What is the vulnerability ID of this security issue in Python?

The vulnerability ID of this security issue in Python is CVE-2020-8315.

Q: What is the severity rating of CVE-2020-8315?

CVE-2020-8315 has a severity rating of 9.8, which is considered critical.

Q: Which versions of Python are affected by CVE-2020-8315?

Python versions 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 are affected by CVE-2020-8315.

Q: What is the impact of CVE-2020-8315?

CVE-2020-8315 allows a remote attacker to execute arbitrary code on the system.

Q: How can I fix CVE-2020-8315?

To fix CVE-2020-8315, it is recommended to update to a patched version of Python.

Published Jan 28, 2020

Updated

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.

Other sources

Python could allow a remote attacker to execute arbitrary code on the system, caused by an insecure dependency load upon launch on Windows 7. An attacker could exploit this vulnerability to execute arbitrary code on the system.

— IBM

Affected Software

3 affected components

Python Python>=3.6.0<=3.6.10

Python Python>=3.7.0<=3.7.6

Python Python>=3.8.0<=3.8.1

Remediation

Patch Available

https://bugs.python.org/issue39401

Event History

Jan 28, 2020

CVE Published

via MITRE·06:35 PM

Data Sourced

via MITRE·06:35 PM

Description

Aug 3, 2024

Data Sourced

via IBM·10:19 PM

DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-6491661

Frequently Asked Questions

What is the vulnerability ID of this security issue in Python?

The vulnerability ID of this security issue in Python is CVE-2020-8315.

What is the severity rating of CVE-2020-8315?