]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 81c5ec9) | patch
bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505)
authorVictor Stinner <vstinner@redhat.com>
Wed, 22 May 2019 21:28:28 +0000 (23:28 +0200)
committerGitHub <noreply@github.com>
Wed, 22 May 2019 21:28:28 +0000 (23:28 +0200)
commit34bab215596671d0dec2066ae7d7450cd73f638b
treed41faeb34447cbdcf542a1f6ff79ca92a2722eb2tree | snapshot
parent81c5ec9e417aebfe92945a05771006e4241f4e08commit | diff
bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505)

CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL
scheme in URLopener().open() and URLopener().retrieve()
of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587)
Lib/test/test_urllib.py diff | blob | blame | history
Lib/urllib/request.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git