[New-bugs-announce] [issue36506] An arbitrary execution vulnerability exists in the built-in function getattr
bigbigliang
report at bugs.python.org
Tue Apr 2 10:48:46 EDT 2019
New submission from bigbigliang <bigbigliang.malwarebenchmark at gmail.com>:
Dear Python Community,
We’ve found a bug in cpython Lib and already received a cve number (CVE-2019-10268).But to be honest, I'm not sure if it's a loophole.
Please tell me what to do next.
bigbigliang
----------
components: 2to3 (2.x to 3.x conversion tool)
messages: 339337
nosy: 18z, bigbigliang, christian.heimes, krnick, serhiy.storchaka, vstinner, xtreak
priority: normal
severity: normal
status: open
title: An arbitrary execution vulnerability exists in the built-in function getattr
type: security
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36506>
_______________________________________
More information about the New-bugs-announce
mailing list