CVE-2023-38898

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published: Aug 15, 2023
Updated: Aug 2, 2024

Summary

CVE-2023-38898 is a disputed vulnerability reported against CPython version 3.7. The report says the issue allows an attacker to obtain sensitive information through the _asyncio._swap_current_task component. The vendor disputes this, maintaining that the issue does not affect version 3.7 or any other release because it is a bug in some 3.12 pre-releases. The vendor also argues that there are no common scenarios in which an attacker can call _asyncio._swap_current_task without already being able to call arbitrary functions, and no common scenarios in which sensitive information that is not already accessible to an attacker becomes accessible through this bug.

Affected Products

  • Python

Affected Vendors

  • Python Software Foundation