mickmick.net

Python Remote Code Execution Vulnerability

Release Date: 14 Aug 2023

RISK: Medium Risk

TYPE: Operating Systems - Application Platforms

A vulnerability was identified in Python. A remote attacker could exploit this vulnerability to trigger remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure

---

System / Technologies affected

• Python version prior to 3.12
• Python version prior to 3.11.4
• Python version prior to 3.10.12
• Python version prior to 3.9.17
• Python version prior to 3.8.17
• Python version prior to 3.7.17

---

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

• https://blog.python.org/2023/06/python-3114-31012-3917-3817-3717-and.html

---

Vulnerability Identifier

• CVE-2023-24329

---

Source

• Python
• CERT/CC

---

Related Link

• https://kb.cert.org/vuls/id/127587
• https://blog.python.org/2023/06/python-3114-31012-3917-3817-3717-and.html