CVE-2020-27619 — Eval Injection in Python

CWE-95 — Eval Injection23 documents10 sources

Severity

9.8CRITICALNVD

EPSS

0.6%

top 29.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Fedoraproject Fedora Oracle Communications Cloud Native Core Network Function Cloud Native Environment +2 more

Timeline

PublishedOct 22

Latest updateJul 11

Description

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDpython/python3.0.0 — 3.6.13+3

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/cortex_xsoar

▶NVDoracle/communications_cloud_native_core_network_function_cloud_native_environment22.2.0

Also affects: Fedora 33, 34

Patches

Patch: bugs.python.org ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-22cq-cq7f-8jm3: In Python 3 through 3↗2022-05-24

▶

OSV

python2.7 vulnerability↗2022-02-08

▶

OSV

python2.7 vulnerability↗2021-03-03

▶

OSV

python2.7, python3.4, python3.5, python3.6, python3.8 vulnerabilities↗2021-02-25

▶

OSV

python2.7 regression↗2021-02-25

▶

📋Vendor Advisories

Ubuntu

Python vulnerabilities↗2024-07-11

▶

Ubuntu

Python vulnerabilities↗2021-03-12

▶

Ubuntu

Python vulnerabilities↗2021-02-25

▶

Palo Alto

Informational: Impact of Python Test Suite Vulnerability CVE-2020-27619↗2021-02-10

▶

Microsoft

In Python 3 through 3.9.0 the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.↗2020-10-13

▶

💬Community

Bugzilla

CVE-2020-27619 python36: python: Python 3 eval of http resources during test suite runs [fedora-all]↗2020-10-21

▶

Bugzilla

CVE-2020-27619 python39: python: Python 3 eval of http resources during test suite runs [fedora-all]↗2020-10-21

▶

Bugzilla

CVE-2020-27619 python35: python: Python 3 eval of http resources during test suite runs [fedora-all]↗2020-10-21

▶

Bugzilla

CVE-2020-27619 python37: python: Python 3 eval of http resources during test suite runs [fedora-all]↗2020-10-21

▶

Bugzilla

CVE-2020-27619 python38: python: Python 3 eval of http resources during test suite runs [fedora-all]↗2020-10-21

▶