Message378017
> It is also not safe to pass data downloaded from untrusted source to eval().
To make matters worse, it's downloaded via HTTP (rather than HTTPS) - so anyone who can mess with the network of a machine running the Python testsuite can run arbitrary code on that machine.
(I contacted security@python.org about this a couple of hours ago, but I guess this is effectively public now anyways :D) |
|
Date |
User |
Action |
Args |
2020-10-05 10:51:01 | The Compiler | set | recipients:
+ The Compiler, vstinner, serhiy.storchaka |
2020-10-05 10:51:01 | The Compiler | set | messageid: <1601895061.9.0.320270766693.issue41940@roundup.psfhosted.org> |
2020-10-05 10:51:01 | The Compiler | link | issue41940 messages |
2020-10-05 10:51:01 | The Compiler | create | |
|