CVE-2020-27619
Summary
| CVE | CVE-2020-27619 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-22 03:16:00 UTC |
| Updated | 2024-02-03 07:15:00 UTC |
| Description | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 22.2.0 | All | All | All |
| Application | Python | Python | All | All | All | All |
| Application | Python | Python | 3.9.0 | - | All | All |
| Application | Python | Python | 3.9.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 33 Update: python2.7-2.7.18-11.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Issue 41944: [security] Python testsuite calls eval() on content received via HTTP - Python tracker | MISC | bugs.python.org | Issue Tracking, Patch, Vendor Advisory |
| bpo-41944: No longer call eval() on content received via HTTP in the … · python/cpython@6c6c256 · GitHub | MISC | github.com | Patch, Vendor Advisory |
| [SECURITY] Fedora 33 Update: python2.7-2.7.18-11.fc33 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| bpo-41944: No longer call eval() on content received via HTTP in the … · python/cpython@e912e94 · GitHub | MISC | github.com | Patch, Vendor Advisory |
| [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 | | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| CVE-2020-27619 Python Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| [SECURITY] Fedora 34 Update: python2.7-2.7.18-11.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| bpo-41944: No longer call eval() on content received via HTTP in the … · python/cpython@b664a1d · GitHub | MISC | github.com | Patch, Vendor Advisory |
| bpo-41944: No longer call eval() on content received via HTTP in the … · python/cpython@43e5231 · GitHub | MISC | github.com | Patch, Vendor Advisory |
| [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 | | lists.apache.org | |
| [SECURITY] Fedora 34 Update: python2.7-2.7.18-11.fc34 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| GNAT Ada Suite: Remote Code Execution (GLSA 202402-04) — Gentoo security | | security.gentoo.org | |
| bpo-41944: No longer call eval() on content received via HTTP in the … · python/cpython@2ef5caa · GitHub | MISC | github.com | Patch, Vendor Advisory |
| [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar | | lists.apache.org | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159200 Oracle Enterprise Linux Security Update for python3 (ELSA-2021-1633)
- 159463 Oracle Enterprise Linux Security Update for python27:2.7 (ELSA-2021-4151)
- 198293 Ubuntu Security Notification for Python2.7, Python3.7, Python3.8 Vulnerabilities (USN-4754-3)
- 239323 Red Hat Update for python3 (RHSA-2021:1633)
- 239580 Red Hat Update for rh-python38 (RHSA-2021:3254)
- 239582 Red Hat Update for python27 (RHSA-2021:3252)
- 239826 Red Hat Update for python27:2.7 (RHSA-2021:4151)
- 281120 Fedora Security Update for python2.7 (FEDORA-2021-12df7f7382)
- 281121 Fedora Security Update for python2.7 (FEDORA-2021-98720f3785)
- 352384 Amazon Linux Security Advisory for python3: ALAS2-2021-1670
- 353942 Amazon Linux Security Advisory for python : ALAS2-2022-1802
- 353955 Amazon Linux Security Advisory for python27 : ALAS-2022-1593
- 356244 Amazon Linux Security Advisory for python38 : ALASPYTHON3.8-2023-009
- 356421 Amazon Linux Security Advisory for python3 : ALAS2-2023-2317
- 375320 Python 3 Denial of Service (DoS) Vulnerability
- 376090 IBM Cognos Analytics Multiple Vulnerabilities (6491661)
- 377387 Alibaba Cloud Linux Security Update for python3 (ALINUX3-SA-2021:0080)
- 670921 EulerOS Security Update for python2 (EulerOS-SA-2020-2527)
- 750013 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2021:1621-1)
- 750463 OpenSUSE Security Update for python3 (openSUSE-SU-2020:2333-1)
- 750464 OpenSUSE Security Update for python3 (openSUSE-SU-2020:2332-1)
- 900021 CBL-Mariner Linux Security Update for python3 3.7.9
- 903095 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (3516)
- 940187 AlmaLinux Security Update for python3 (ALSA-2021:1633)
- 940522 AlmaLinux Security Update for python27:2.7 (ALSA-2021:4151)
- 940526 AlmaLinux Security Update for python38:3.8 and python38-devel:3.8 (ALSA-2021:4162)
- 960320 Rocky Linux Security Update for python27:2.7 (RLSA-2021:4151)
- 960342 Rocky Linux Security Update for python38:3.8 and python38-devel:3.8 (RLSA-2021:4162)