[New-bugs-announce] [issue30119] A remote attacker could possibly use this flaw to manipulate an FTP connection opened by a Python application
Dong-hee Na
report at bugs.python.org
Thu Apr 20 13:57:20 EDT 2017
New submission from Dong-hee Na:
It was discovered that the FTP client implementation in the Networking component of Python failed to correctly handle user inputs.
A remote attacker could possibly use this flaw to manipulate an FTP connection opened by a Python application if it could make it access a specially crafted FTP URL.
See
http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html
and https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-3533
I upload the patch for this issue.
----------
messages: 291988
nosy: corona10
priority: normal
severity: normal
status: open
title: A remote attacker could possibly use this flaw to manipulate an FTP connection opened by a Python application
type: security
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30119>
_______________________________________
More information about the New-bugs-announce
mailing list