Python Files or Directories Accessible to External Parties Vulnerability - CVE-2019-13404

DISPUTED The MSI installer for Python through 2.7.16 on Windows defaults to the C:Python27 directory which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor39s position is that it is the user39s responsibility to ensure C:Python27 access control or choose a different directory because backwards compatibility requires that C:Python27 remain the default for 2.7.x.