[issue5753] CVE-2008-5983 python: untrusted python modules search path

Jesús Cea Avión report at bugs.python.org
Tue Sep 28 05:25:17 CEST 2010

Jesús Cea Avión <jcea at jcea.es> added the comment:

This issue is equivalent to MS Windows DLL hijacking (the MS situation is worse, because the DDL can be in network shares or, even , in remote webdav servers):


When I learned about this attack, my first thought was "what if sys.path.index('')>=0?". Arg!.


Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list