[New-bugs-announce] [issue11641] raw_input() -> input() security issue

anatoly techtonik report at bugs.python.org
Wed Mar 23 00:09:36 CET 2011

New submission from anatoly techtonik <techtonik at gmail.com>:

2to3 converts raw_input() calls into input(), and input() runs all user data through eval(). This opens a hole in previously secure Python2.x applications.

Is the author of this change aware of the issue?

components: 2to3 (2.x to 3.0 conversion tool)
messages: 131805
nosy: techtonik
priority: normal
severity: normal
status: open
title: raw_input() -> input() security issue
type: security
versions: Python 3.2

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list