[issue36021] [Security][Windows] webbrowser: WindowsDefault uses os.startfile() and so can be abused to run arbitrary commands
STINNER Victor
report at bugs.python.org
Mon Feb 18 07:36:15 EST 2019
STINNER Victor <vstinner at redhat.com> added the comment:
> just to know if we need to fix os.startfile or WindowsDefault.
webbrowser shouldn't call os.startfile with a path to a program on the local hard drive.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36021>
_______________________________________
More information about the Python-bugs-list
mailing list