[issue41944] Python testsuite calls eval() on content received via HTTP
Florian Bruhin
report at bugs.python.org
Tue Oct 6 05:15:43 EDT 2020
Florian Bruhin <python.org at the-compiler.org> added the comment:
I wonder if I should request a CVE for this as well? Just to make sure the word gets out to distributions/organizations/etc. running the Python testsuite, given that we can't be sure it which contexts this happens (and as it could be exploited by e.g. spoofing a WiFi network or so).
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41944>
_______________________________________
More information about the Python-bugs-list
mailing list