Description

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.

Remediation

References

CVE-2020-8315

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2020-7060)

WordPress Plugin Allow PHP in Posts and Pages 'id' Parameter SQL Injection (2.0.0.RC1)

WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.11)

e107 Other Vulnerability (CVE-2005-1949)

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7)

Severity

Medium

Classification

CVE-2020-8315 CWE-20 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities