[issue29606] urllib FTP protocol stream injection
STINNER Victor
report at bugs.python.org
Fri Jul 21 07:54:09 EDT 2017
STINNER Victor added the comment:
> What is wrong with an URL containing '\n'?
For the attack, see http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html
Honestly, I don't understand well the bug :) But it doesn't seem correct to me to have a newline in a hostname.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29606>
_______________________________________
More information about the Python-bugs-list
mailing list