
Author push0ebp
Recipients christian.heimes, cstratak, martin.panter, matrixise, push0ebp, vstinner, ware, xtreak
Date 2019-05-13.17:10:33
Message-id <1557767433.68.0.105053377437.issue35907@roundup.psfhosted.org>
Content
If developers allow only http:// or https:// as a whitelist, there is no problem.
But if someone blocks only file://, an attacker can bypass it.
This issue may provide an attacker with a bypassing method as a new scheme.
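
The difference between the two checks described in the message above, as an added example that is not part of the original message or of CPython's own code. The function names are hypothetical, and `otherscheme` is a constructed placeholder standing in for any scheme the blocklist author did not anticipate.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = frozenset({"http", "https"})  # the allowlist approach
BLOCKED_SCHEMES = frozenset({"file"})           # the "block only file://" approach


def blocklist_accepts(url: str) -> bool:
    """Deny-list check: rejects only the schemes it already knows about."""
    return urlsplit(url).scheme.lower() not in BLOCKED_SCHEMES


def allowlist_accepts(url: str) -> bool:
    """Allow-list check: accepts only http/https URLs that name a host."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed input is rejected, not passed on
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.hostname)


# Constructed sample inputs (not taken from the issue).
SAMPLES = [
    "https://example.com/index.html",
    "file:///tmp/example.txt",
    "otherscheme:///tmp/example.txt",  # placeholder for an unanticipated scheme
    "https:///no-host",
]


def compare(urls):
    """Return {url: (blocklist verdict, allowlist verdict)} for each URL."""
    return {u: (blocklist_accepts(u), allowlist_accepts(u)) for u in urls}


if __name__ == "__main__":
    for url, (blocked_view, allowed_view) in compare(SAMPLES).items():
        print(f"{url:35} blocklist={blocked_view!s:5} allowlist={allowed_view}")
```

Run the validator before the URL reaches any opener, and apply it again to every redirect target if redirects are followed.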