Bypassing sys.path Restrictions in Python 3.8.4

Bypassing sys.path Restrictions in Python 3.8.4

CVE-2020-15801 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

Learn more about our Web Application Penetration Testing UK.