]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4827483) | patch
bpo-42988: Remove the pydoc getfile feature (GH-25015)
authorVictor Stinner <vstinner@python.org>
Mon, 29 Mar 2021 12:40:40 +0000 (14:40 +0200)
committerGitHub <noreply@github.com>
Mon, 29 Mar 2021 12:40:40 +0000 (14:40 +0200)
commit9b999479c0022edfc9835a8a1f06e046f3881048
tree6a56be72c600d87ef99093f2af420a8ee6ae53f7tree | snapshot
parent4827483f47906fecee6b5d9097df2a69a293a85ccommit | diff
bpo-42988: Remove the pydoc getfile feature (GH-25015)

CVE-2021-3426: Remove the "getfile" feature of the pydoc module which
could be abused to read arbitrary files on the disk (directory
traversal vulnerability). Moreover, even source code of Python
modules can contain sensitive data like passwords. Vulnerability
reported by David Schwörer.
Lib/pydoc.py diff | blob | blame | history
Lib/test/test_pydoc.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git