This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author hroncok
Recipients hroncok, kj, lemburg, lukasz.langa, mdk, ned.deily, serhiy.storchaka, vstinner
Date 2021-03-10.00:31:38
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Todd Cullum from Red Hat Security team:

"I don't have an account on Python's tracker, would you mind forwarding to upstream on my behalf that this is not only locally exploitable, but it can be exploited by actors on the adjacent network as well because was introduced in Python 3.7.0 alpha 1. I just used the -n option and got to read some of my own files using my cell phone on the WiFi. It does require the port to be unblocked by firewall though."
Date User Action Args
2021-03-10 00:31:39hroncoksetrecipients: + hroncok, lemburg, vstinner, ned.deily, lukasz.langa, serhiy.storchaka, mdk, kj
2021-03-10 00:31:39hroncoksetmessageid: <>
2021-03-10 00:31:39hroncoklinkissue42988 messages
2021-03-10 00:31:38hroncokcreate