The title says “code execution”, but you need your Python code to already be
running in order to trigger this, so I’d rather classify it as a sandbox escape
since just by manipulating built-in CPython objects you can do buffer overflows
and get the address of system and ROP ur way to success, without importing
any new modules.
I think the only way to block this exploit is to completely never load the io
module, which severely limits a lot of Python code…
Full exploit code here