CVSS 3.1 Score 6.1 of 10 (medium)


Published Dec 8, 2023
Updated: Dec 13, 2023
CWE ID 269


CVE-2023-6507 is a vulnerability found in the `subprocess` module of CPython 3.12.0 on POSIX platforms. This issue arises when using the `extra_groups=` parameter with an empty list as a value, which causes the logic to not drop the original processes' groups before starting the new process. The vulnerability does not affect other stable releases and can only impact CPython processes run with sufficient privilege (typically `root`). The issue was fixed in CPython 3.12.1.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-6507 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options