]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4134f15) | patch
bpo-42988: Remove the pydoc getfile feature (GH-25015) (GH-25067)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 29 Mar 2021 15:40:53 +0000 (08:40 -0700)
committerGitHub <noreply@github.com>
Mon, 29 Mar 2021 15:40:53 +0000 (11:40 -0400)
commit5b1e50256b6532667b6d31debc350f6c7d3f30aa
tree74afc8fb3c5813661a980d5ec8e9f96292a88d57tree | snapshot
parent4134f154ae2f621f25c5d698cc0f1748035a1b88commit | diff
bpo-42988: Remove the pydoc getfile feature (GH-25015) (GH-25067)

CVE-2021-3426: Remove the "getfile" feature of the pydoc module which
could be abused to read arbitrary files on the disk (directory
traversal vulnerability). Moreover, even source code of Python
modules can contain sensitive data like passwords. Vulnerability
reported by David Schwörer.
(cherry picked from commit 9b999479c0022edfc9835a8a1f06e046f3881048)

Co-authored-by: Victor Stinner <vstinner@python.org>
Lib/pydoc.py diff | blob | blame | history
Lib/test/test_pydoc.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git