### Vulnerability Overview - **CVE ID**: CVE-2020-2297 - **Description**: This vulnerability involves an issue with `SourcelessFileLoader` when using `io.open_code`. ### Impact Scope - **Affected Module**: `Lib/importlib/_bootstrap_external.py` - **Specific Functions**: `get_data` and `get_filename` ### Remediation - **Fix Details**: Ensure that `SourcelessFileLoader` uses `io.open_code`. - **Related Files**: - `Lib/importlib/_bootstrap_external.py` - `Misc/NEWS.d/next/Security/2020-03-04-18-59-17.gh-issue-145506.dhwEn.rst` ### Code Changes ```python # Lib/importlib/_bootstrap_external.py def get_data(self, path): """Return the data from path as raw bytes.""" if isinstance(self, (SourceLoader, ExtensionFileLoader)): if isinstance(self, (SourceLoader, SourcelessFileLoader, ExtensionFileLoader)): with _io.open_code(str(path)) as file: return file.read() else: ... ``` ### Additional Information - **Contributors**: miss-islington and zooba - **Submission Time**: 18 hours ago - **Related Issues**: GH-145506, GH-145507, GH-145515 ### Comments - No comments.