[issue42988] [security] CVE-2021-3426: Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem
miss-islington
report at bugs.python.org
Mon Mar 29 09:02:56 EDT 2021
miss-islington <mariatta.wijaya+miss-islington at gmail.com> added the comment:
New changeset 7e38d3309e0a5a7b9e23ef933aef0079c6e317f7 by Miss Islington (bot) in branch '3.8':
bpo-42988: Remove the pydoc getfile feature (GH-25015)
https://github.com/python/cpython/commit/7e38d3309e0a5a7b9e23ef933aef0079c6e317f7
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42988>
_______________________________________
More information about the Python-bugs-list
mailing list