[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
solipsis at pitrou.net
Fri Sep 26 00:17:46 CEST 2014
On Thu, 25 Sep 2014 13:00:16 -0700
Bob Hanson <d2mp1a9 at newsguy.com> wrote:
> Critical bash vulnerability CVE-2014-6271 may affect Python on
> *n*x and OSX:
> Also see <news:gmane.comp.security.fulldisclosure> for thread on
> same being started today.
Fortunately, Python's subprocess has its `shell` argument default to
False. However, `os.system` invokes the shell implicitly and is
therefore a possible attack vector.
More information about the Python-Dev