[issue32367] [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings
Ned Deily
report at bugs.python.org
Sat Mar 10 15:48:11 EST 2018
Ned Deily <nad at python.org> added the comment:
Update: https://security-tracker.debian.org/tracker/CVE-2017-17522
"** DISPUTED [...] NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting."
----------
nosy: +ned.deily
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32367>
_______________________________________
More information about the Python-bugs-list
mailing list