Author steven.daprano
Recipients steven.daprano, xuancong84
Date 2021-05-04.07:35:32
Message-id <1620113732.91.0.262458460084.issue44028@roundup.psfhosted.org>
Content
> loading the entire game or DNN (from STDIN) can be simply put into one line as `locals().update(eval(sys.stdin.read()))`

This is how you get command injection attacks.

https://owasp.org/www-community/attacks/Command_Injection

https://cwe.mitre.org/data/definitions/77.html
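
An added example, not part of the original message or of the CPython code base: the `eval` call from the quoted one-liner next to a loader that parses the same text as data only, using `ast.literal_eval`. The names `load_state`, `demo`, `ALLOWED_KEYS` and the sample inputs are assumptions constructed for illustration.

```python
import ast

# Hypothetical key names for a saved game / network state.
ALLOWED_KEYS = frozenset({"name", "layers", "weights", "score"})


def load_state(text, allowed_keys=ALLOWED_KEYS):
    """Parse untrusted text into a dict of plain data without executing it."""
    try:
        # literal_eval builds only literals (strings, numbers, lists, dicts,
        # tuples, sets, booleans, None). Names, calls and attribute access
        # are rejected instead of being evaluated.
        data = ast.literal_eval(text)
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError(f"rejected: not a plain literal ({type(exc).__name__})") from exc
    if not isinstance(data, dict):
        raise ValueError("rejected: top-level value must be a dict")
    unknown = sorted(repr(key) for key in data if key not in allowed_keys)
    if unknown:
        raise ValueError("rejected: unexpected keys " + ", ".join(unknown))
    # Returned as its own namespace; nothing is merged into locals().
    return data


def demo():
    """Feed one constructed input to eval() and to load_state()."""
    marker = []
    # Constructed input: the embedded call is a harmless stand-in for
    # whatever code the sender of the data chooses to put there.
    hostile = '{"score": marker.append("ran")}'
    eval(hostile, {"marker": marker})  # pattern from the quoted one-liner
    ran_under_eval = bool(marker)
    marker.clear()
    try:
        load_state(hostile)
        rejected = False
    except ValueError:
        rejected = True
    return ran_under_eval, rejected, bool(marker)


if __name__ == "__main__":
    print(load_state('{"name": "net", "layers": [3, 4, 1], "score": 0.5}\n'))
    print(demo())
```

`ast.literal_eval` can still be made to consume a lot of memory or hit the recursion limit on very large or deeply nested input, so cap the input size before parsing when the source is untrusted.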