Message 342363 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	push0ebp
Recipients	christian.heimes, cstratak, martin.panter, matrixise, push0ebp, vstinner, ware, xtreak
Date	2019-05-13.17:10:33
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1557767433.68.0.105053377437.issue35907@roundup.psfhosted.org>
In-reply-to

Content
If developers allow only http:// or https:// as whitelist, it has no problem. But, If someone blocks only one file://, attacker can bypass it. This issue may provides attacker with bypassing method as new scheme.

If developers allow only http:// or https:// as whitelist, it has no problem.
But, If someone blocks only one file://, attacker can bypass it.
This issue may provides attacker with bypassing method as new scheme.

History
Date	User	Action	Args
2019-05-13 17:10:33	push0ebp	set	recipients: + push0ebp, vstinner, christian.heimes, martin.panter, matrixise, cstratak, xtreak, ware
2019-05-13 17:10:33	push0ebp	set	messageid: <1557767433.68.0.105053377437.issue35907@roundup.psfhosted.org>
2019-05-13 17:10:33	push0ebp	link	issue35907 messages
2019-05-13 17:10:33	push0ebp	create