[New-bugs-announce] [issue11641] raw_input() -> input() security issue
anatoly techtonik
report at bugs.python.org
Wed Mar 23 00:09:36 CET 2011
New submission from anatoly techtonik <techtonik at gmail.com>:
2to3 converts raw_input() calls into input(), and input() runs all user data through eval(). This opens a hole in previously secure Python2.x applications.
Is the author of this change aware of the issue?
----------
components: 2to3 (2.x to 3.0 conversion tool)
messages: 131805
nosy: techtonik
priority: normal
severity: normal
status: open
title: raw_input() -> input() security issue
type: security
versions: Python 3.2
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11641>
_______________________________________
More information about the New-bugs-announce
mailing list