[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator
Senthil Kumaran
report at bugs.python.org
Fri Jan 22 07:58:27 EST 2021
Senthil Kumaran <senthil at uthcode.com> added the comment:
Ken, Please don't close your PR. I will review it. It has a CLA signed
which is helpful.
On Fri, Jan 22, 2021 at 4:53 AM Ken Jin <report at bugs.python.org> wrote:
>
> Ken Jin <kenjin4096 at gmail.com> added the comment:
>
> Adam, I linked a PR 2 days ago here
> https://github.com/python/cpython/pull/24271 , it has the test suite
> passing and the appropriate changes to cgi.py. Would you like to review it?
> Or since you submitted a PR, would you prefer I close mine instead?
>
> ----------
>
> _______________________________________
> Python tracker <report at bugs.python.org>
> <https://bugs.python.org/issue42967>
> _______________________________________
>
----------
title: [security] urllib.parse.parse_qsl(): Web cache poisoning - `;` as a query args separator -> [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42967>
_______________________________________
More information about the Python-bugs-list
mailing list