{"id":"CVE-2020-15801","details":"In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The \u003cexecutable-name\u003e._pth file (e.g., the python._pth file) is not affected.","aliases":["BIT-libpython-2020-15801","BIT-python-2020-15801","BIT-python-min-2020-15801"],"modified":"2026-05-18T14:50:25.323294Z","published":"2020-07-17T03:15:11.330Z","related":["SUSE-FU-2022:0444-1","SUSE-FU-2022:0445-1","SUSE-SU-2025:20025-1","SUSE-SU-2025:20154-1","SUSE-SU-2025:20492-1","openSUSE-SU-2024:11283-1","openSUSE-SU-2024:11286-1","openSUSE-SU-2024:12089-1","openSUSE-SU-2024:12910-1","openSUSE-SU-2024:14109-1","openSUSE-SU-2024:14434-1","openSUSE-SU-2025:15713-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200731-0003/"},{"type":"FIX","url":"https://bugs.python.org/issue41304"},{"type":"FIX","url":"https://github.com/python/cpython/pull/21495"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"1bf9cc509326bc42cd8cb1650eb9bf64550d817e"},{"fixed":"13c94747c74437e594b7fc242ff7da668e81887c"},{"introduced":"fa919fdf2583bdfead1df00e842f24f30b2a34bf"},{"fixed":"580fbb018fd0844806119614d752b41fc69660f9"}],"database_specific":{"extracted_events":[{"introduced":"3.7.0"},{"fixed":"3.7.9"},{"introduced":"3.8.0"},{"fixed":"3.8.5"}],"cpe":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15801.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}