[issue42988] [security] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem
Ned Deily
report at bugs.python.org
Thu Jan 28 09:46:42 EST 2021
Ned Deily <nad at python.org> added the comment:
Resolution of this issue is blocking 3.7.x and 3.6.x security releases and threatens to block upcoming maintenance releases.
----------
nosy: +lukasz.langa, ned.deily
priority: normal -> release blocker
title: Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem -> [security] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42988>
_______________________________________
More information about the Python-bugs-list
mailing list