Author steven.daprano
Recipients steven.daprano, xuancong84
Date 2021-05-04.07:35:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1620113732.91.0.262458460084.issue44028@roundup.psfhosted.org>
In-reply-to
Content
> loading the entire game or DNN (from STDIN) can be simply put into one line as `locals().update(eval(sys.stdin.read()))`

This is how you get command injection attacks.

https://owasp.org/www-community/attacks/Command_Injection

https://cwe.mitre.org/data/definitions/77.html
History
Date User Action Args
2021-05-04 07:35:32steven.dapranosetrecipients: + steven.daprano, xuancong84
2021-05-04 07:35:32steven.dapranosetmessageid: <1620113732.91.0.262458460084.issue44028@roundup.psfhosted.org>
2021-05-04 07:35:32steven.dapranolinkissue44028 messages
2021-05-04 07:35:32steven.dapranocreate