[New-bugs-announce] [issue7250] wsgiref.handlers.CGIHandler caches os.environ, leaking info between requests
Brandon Bloom
report at bugs.python.org
Mon Nov 2 08:34:05 CET 2009
New submission from Brandon Bloom <snprbob86 at gmail.com>:
This issue came up while doing Google App Engine development. Apparently
the default wsgi handler logic is to cache os.environ into os_environ at
import time. This is reasonable behavior for wsgi, but when using cgi,
this is a serious security hole which leaks information between requests.
See this related bug at GAE:
http://code.google.com/p/googleappengine/issues/detail?
id=2040&q=cookies%20dev_appserver.py&colspec=ID%20Type%20Status%20Priority
%20Stars%20Owner%20Summary%20Log%20Component
----------
components: Library (Lib)
messages: 94819
nosy: snprbob86
severity: normal
status: open
title: wsgiref.handlers.CGIHandler caches os.environ, leaking info between requests
type: security
versions: Python 2.5
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue7250>
_______________________________________
More information about the New-bugs-announce
mailing list