[issue30730] [security] Injecting environment variable in subprocess on Windows
Steve Dower
report at bugs.python.org
Sat Jul 1 00:37:07 EDT 2017
Steve Dower added the comment:
It's certainly exploitable for remote code execution if user data allows embedded nulls (can you URL encode %00?). The fixes look fine and shouldn't cause any new issues, though I thought that fsencode() already rejected embedded nulls - maybe I'm thinking of the argument converter though, which is not invoked here.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30730>
_______________________________________
More information about the Python-bugs-list
mailing list