Python pkgutil Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in the pkgutil module of the Python standard library. The pkgutil.get_data() function does not validate its resource argument in the way its documentation requires. This lack of validation allows unauthorized access to file system paths, potentially leading to the exposure of sensitive data.

Impact

Exploitation of this vulnerability could result in unauthorized file system access through path traversal, which could expose sensitive data.

Remediation

Users can update to the latest version of Python where this vulnerability has been addressed. Instructions for updating Python can be found in the official Python documentation.
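
An added example, not part of the original advisory and not Python's own fix: a caller-side wrapper that checks resource before it reaches pkgutil.get_data(). The pkgutil documentation describes resource as a '/'-separated name relative to the package, with '..' and rooted names not allowed. The names validate_resource, safe_get_data and UnsafeResourceError are hypothetical, and the rejection of backslashes, colons, NUL bytes and empty or '.' components is an assumption that is stricter than the documented rule.

```python
import pkgutil


class UnsafeResourceError(ValueError):
    """Hypothetical error type: resource name breaks the documented rules."""


def validate_resource(resource):
    """Return resource unchanged if it is a safe package-relative name.

    Documented rules for pkgutil.get_data(): '/' as separator, relative to
    the package, no '..' component, not rooted (no leading '/').
    The remaining checks are stricter assumptions added for this example.
    """
    if not isinstance(resource, str) or not resource:
        raise UnsafeResourceError("resource must be a non-empty string")
    if "\x00" in resource:
        raise UnsafeResourceError("NUL byte in resource name")
    # Assumption: reject backslashes and drive/stream colons, which Windows
    # path handling can interpret as separators or roots.
    if "\\" in resource or ":" in resource:
        raise UnsafeResourceError("only '/' may be used as a separator")
    # Documented rule: rooted names are not allowed.
    if resource.startswith("/"):
        raise UnsafeResourceError("rooted resource names are not allowed")
    # Documented rule: '..' is not allowed. Empty and '.' components are
    # also refused here so the name has exactly one spelling.
    for part in resource.split("/"):
        if part in ("", ".", ".."):
            raise UnsafeResourceError("component %r is not allowed" % part)
    return resource


def safe_get_data(package, resource):
    """Validate resource first, then delegate to pkgutil.get_data()."""
    return pkgutil.get_data(package, validate_resource(resource))
```

Validation happens before any import or file access, so a rejected name never reaches the loader.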

Added: Mar 18, 2026, 8:11 PM
Updated: Mar 18, 2026, 8:11 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.