Author ecbftw
Recipients ecbftw
Date 2017-02-20.16:49:02
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Please see:

This was reported to security at python dot org, but as far as I can tell, they sat on it for a year.

I don't think there is a proper way to encode newlines in CWD commands, according the FTP RFC.  If that is the case, then I suggest throwing an exception on any URLs that contain one of '\r\n\0' or any other characters that the FTP protocol simply can't support.
Date User Action Args
2017-02-20 16:49:02ecbftwsetrecipients: + ecbftw
2017-02-20 16:49:02ecbftwsetmessageid: <>
2017-02-20 16:49:02ecbftwlinkissue29606 messages
2017-02-20 16:49:02ecbftwcreate