BIT-python-2023-38898

BIT-python-2023-38898 PUBLISHED CVSS 5.300000190734863 MEDIUM

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Bitnami	python	3.13.0-alpha0, 3.13.0-alpha0, 3.13.0-alpha0

Exploit Intelligence

zephyr-crosstool-arm-grype.html (github-poc)

Timeline

Mar 6, 2024 CVE Published
Sep 5, 2025 CVE Updated

References

https://github.com/python/cpython/issues/105987 url

Open in Interactive Console →