[issue35907] [security][CVE-2019-9948] Unnecessary URL scheme exists to allow local_file:// reading file in urllib
STINNER Victor
report at bugs.python.org
Mon May 18 10:16:27 EDT 2020
STINNER Victor <vstinner at python.org> added the comment:
> The solution is incomplete because it fixes just this single security issue, not the inherent fragility of this file.
If you want to propose a change to make the file "less fragile", please open a *new* separated issue.
The issue is about an exact vulnerability, the "local_file://" scheme, which has been fixed. I close again the issue.
----------
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35907>
_______________________________________
More information about the Python-bugs-list
mailing list