CVE-2020-8315

MEDIUM

Python <3.6.11, <3.7.7, <3.8.2 - Info Disclosure

Title source: llm

Description

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.

References (1)

[Issue Tracking, Patch, Vendor Advisory] https://bugs.python.org/issue39401

Scores

CVSS v3 5.5

EPSS 0.0032

EPSS Percentile 54.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-427

Status published

Affected Products (1)

python/python < 3.6.10

Timeline

Published Jan 28, 2020

Tracked Since Feb 18, 2026