{"id":"CVE-2020-15523","details":"In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.","aliases":["BIT-libpython-2020-15523","BIT-python-2020-15523","BIT-python-min-2020-15523","PSF-2020-4"],"modified":"2026-03-12T02:16:49.694424735Z","published":"2020-07-04T23:15:10.313Z","related":["SUSE-FU-2022:0444-1","SUSE-FU-2022:0445-1","SUSE-SU-2025:20025-1","SUSE-SU-2025:20154-1","SUSE-SU-2025:20492-1","openSUSE-SU-2024:11283-1","openSUSE-SU-2024:11286-1","openSUSE-SU-2024:12089-1","openSUSE-SU-2024:12910-1","openSUSE-SU-2024:14109-1","openSUSE-SU-2024:14434-1","openSUSE-SU-2025:15713-1"],"references":[{"type":"ADVISORY","url":"https://bugs.python.org/issue29778"},{"type":"ADVISORY","url":"https://github.com/python/cpython/pull/21297"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210312-0004/"},{"type":"REPORT","url":"https://bugs.python.org/issue29778"},{"type":"REPORT","url":"https://security.netapp.com/advisory/ntap-20210312-0004/"},{"type":"FIX","url":"https://bugs.python.org/issue29778"},{"type":"FIX","url":"https://github.com/python/cpython/pull/21297"},{"type":"FIX","url":"https://security.netapp.com/advisory/ntap-20210312-0004/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"1bf9cc509326bc42cd8cb1650eb9bf64550d817e"},{"fixed":"13c94747c74437e594b7fc242ff7da668e81887c"},{"introduced":"2e789a1f1d84b343a996e8654590703b5fbdd441"},{"fixed":"426b022776672fdf3d71ddd98d89af341c88080f"},{"introduced":"5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12"},{"fixed":"c0a9afe2ac1820409e6173bd1893ebee2cf50270"},{"introduced":"fa919fdf2583bdfead1df00e842f24f30b2a34bf"},{"fixed":"dfa645a65ec0788d98851130a217e029d1cc4e9b"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15523.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}