Main Vulnerability Database SB2022110504

SB2022110504 - Insecure DLL loading in Python

Published: November 5, 2022 Updated: June 3, 2025

Security Bulletin ID SB2022110504

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insecure DLL loading (CVE-ID: CVE-2017-20052)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Remediation

Install update from vendor's website.

References

https://vuldb.com/?id.97822
http://seclists.org/fulldisclosure/2017/Feb/92
https://security.netapp.com/advisory/ntap-20220804-0005/