Insecure DLL loading in Python - CVE-2017-20052

 

Insecure DLL loading in Python - CVE-2017-20052

Published: November 5, 2022 / Updated: June 3, 2025


Vulnerability identifier: #VU110144
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-20052
CWE-ID: CWE-427
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Python.org
Affected software:
Python

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.


How to mitigate CVE-2017-20052

Install update from vendor's website.

Sources