CVE-2020-27619 — CRITICAL (9.8)

Q: What is CVE-2020-27619?

CVE-2020-27619 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Q: How severe is CVE-2020-27619?

CVE-2020-27619 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-27619?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Fedoraproject Fedora, Oracle Communications Cloud Native Core Network Function Cloud Native Environment.

Vulnerability Description

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Python	Python	>= 3.0.0, < 3.6.13
Fedoraproject	Fedora	33
Oracle	Communications Cloud Native Core Network Function Cloud Native Environment	22.2.0

References

https://bugs.python.org/issue41944Issue TrackingPatchVendor Advisory
https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cabPatchVendor Advisory
https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2aPatchVendor Advisory
https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac3PatchVendor Advisory
https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b179PatchVendor Advisory
https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374PatchVendor Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202402-04
https://security.netapp.com/advisory/ntap-20201123-0004/Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
https://bugs.python.org/issue41944Issue TrackingPatchVendor Advisory

FAQ

What is CVE-2020-27619?

CVE-2020-27619 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

How severe is CVE-2020-27619?

CVE-2020-27619 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-27619?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Fedoraproject Fedora, Oracle Communications Cloud Native Core Network Function Cloud Native Environment.