This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients vstinner
Date 2017-12-18.16:29:03
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>

Lib/ in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Date User Action Args
2017-12-18 16:29:03vstinnersetrecipients: + vstinner
2017-12-18 16:29:03vstinnersetmessageid: <>
2017-12-18 16:29:03vstinnerlinkissue32367 messages
2017-12-18 16:29:03vstinnercreate