First published: Mon Oct 05 2020
An unspecified error in the CJK codec tests, which call eval() on content retrieved through HTTP in multibytecodec_support.py in Python, has an unknown impact and attack vector.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python3 | <0:3.6.8-37.el8 | 0:3.6.8-37.el8 |
redhat/python27-babel | <0:0.9.6-10.el7 | 0:0.9.6-10.el7 |
redhat/python27-python | <0:2.7.18-3.el7 | 0:2.7.18-3.el7 |
redhat/python27-python-jinja2 | <0:2.6-16.el7 | 0:2.6-16.el7 |
redhat/python27-python-pygments | <0:1.5-5.el7 | 0:1.5-5.el7 |
redhat/rh-python38-babel | <0:2.7.0-12.el7 | 0:2.7.0-12.el7 |
redhat/rh-python38-python | <0:3.8.11-2.el7 | 0:3.8.11-2.el7 |
redhat/rh-python38-python-cryptography | <0:2.8-5.el7 | 0:2.8-5.el7 |
redhat/rh-python38-python-jinja2 | <0:2.10.3-6.el7 | 0:2.10.3-6.el7 |
redhat/rh-python38-python-lxml | <0:4.4.1-7.el7 | 0:4.4.1-7.el7 |
redhat/rh-python38-python-pip | <0:19.3.1-2.el7 | 0:19.3.1-2.el7 |
redhat/rh-python38-python-urllib3 | <0:1.25.7-7.el7 | 0:1.25.7-7.el7 |
Python Python | >=3.0.0<3.6.13 | |
Python Python | >=3.7.0<3.7.10 | |
Python Python | >=3.8.0<3.8.7 | |
Python Python | >=3.9.0<3.9.1 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =22.2.0 | |
redhat/python | <3.6.13 | 3.6.13 |
redhat/python | <3.7.10 | 3.7.10 |
redhat/python | <3.8.7 | 3.8.7 |
redhat/python | <3.9.1 | 3.9.1 |
debian/pypy3 | 7.3.5+dfsg-2+deb11u2 7.3.5+dfsg-2+deb11u3 7.3.11+dfsg-2+deb12u2 7.3.17+dfsg-2 | |
debian/python2.7 | <=2.7.18-8+deb11u1 | |
debian/python3.9 | <=3.9.2-1 | |
In versions of Python shipped with Red Hat Enterprise Linux and Red Hat Software Collections, the flaw can be mitigated by not running the Python tests with network resources enabled. By default, the tests are not run with network resources enabled. Ensure that neither `-u network` nor `-uall` is passed as an option to `python -m test`. For more information on how these commands work, see [1].

1. https://docs.python.org/3/library/test.html
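One way to check build or CI scripts for the condition this mitigation warns about, as an added example (not code from the advisory or from CPython): it flags `python -m test` command lines that end up with the `network` resource enabled. The function names and the sample script lines are constructed for illustration; only the common `-u`/`--use` spellings are handled.

```python
import shlex

RUNNER_MODULES = ("test", "test.regrtest")  # both start the CPython regression test runner

def network_resource_enabled(command):
    """True if a `python -m test` command line ends up with the 'network' resource on."""
    try:
        argv = shlex.split(command, comments=True)
    except ValueError:          # unbalanced quotes: not a command we can judge
        return False
    if "-m" not in argv:
        return False
    i = argv.index("-m")
    if i + 1 >= len(argv) or argv[i + 1] not in RUNNER_MODULES:
        return False
    args, enabled, k = argv[i + 2:], False, 0
    while k < len(args):
        arg, value = args[k], None
        if arg in ("-u", "--use") and k + 1 < len(args):
            k += 1
            value = args[k]                      # "-u network"
        elif arg.startswith("--use="):
            value = arg[len("--use="):]          # "--use=network"
        elif arg.startswith("-u") and len(arg) > 2:
            value = arg[2:]                      # "-uall"
        for res in (value or "").lower().split(","):
            if res in ("all", "network"):
                enabled = True
            elif res == "-network":              # "-uall,-network" switches it back off
                enabled = False
        k += 1
    return enabled

def find_network_test_runs(lines):
    """Return (line_number, text) for every line that runs the tests with network enabled."""
    return [(n, text.strip()) for n, text in enumerate(lines, 1)
            if network_resource_enabled(text)]

# Constructed sample: lines as they might appear in a build or CI script.
SAMPLE_SCRIPT = [
    "python3 -m test test_codecs",
    "python3 -m test -uall",
    "python3 -m test -u network test_codecmaps_jp",
    "python3 -m test -uall,-network",
    "python3 -m test --use=cpu,network -j4",
]

if __name__ == "__main__":
    for n, text in find_network_test_runs(SAMPLE_SCRIPT):
        print(f"line {n}: network resource enabled: {text}")
```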
The severity of CVE-2020-27619 is critical with a CVSS score of 9.8.
CVE-2020-27619 is an unspecified error with CJK codec tests in Python that calls eval() on content retrieved through HTTP, with an unknown impact and attack vector.
Python versions 3.6.13, 3.7.10, 3.8.7, and 3.9.1 are affected by CVE-2020-27619.
To fix CVE-2020-27619 in Python, update to the following versions or later: 3.6.14, 3.7.11, 3.8.8, or 3.9.2.
You can find more information about CVE-2020-27619 at the following references: [Link 1](https://bugs.python.org/issue41944), [Link 2](https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8), [Link 3](https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794).