gh-104711: Add security warning to the CGIHTTPRequestHandler document (GH-115915)

author AN Long <aisk@users.noreply.github.com>

Mon, 4 Mar 2024 11:54:46 +0000 (19:54 +0800)

committer GitHub <noreply@github.com>

Mon, 4 Mar 2024 11:54:46 +0000 (11:54 +0000)
author AN Long <aisk@users.noreply.github.com>
Mon, 4 Mar 2024 11:54:46 +0000 (19:54 +0800)
committer GitHub <noreply@github.com>
Mon, 4 Mar 2024 11:54:46 +0000 (11:54 +0000)
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst

index c42103599d1fd7aa6fd6c87faa73a0eb58088251..89c1756c4354bdbb0b99b2680de983c672ca4ad4 100644 (file)
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -502,6 +502,12 @@ the ``--cgi`` option::
  
          python -m http.server --cgi
  
+.. warning::
+
+   :class:`CGIHTTPRequestHandler` and the ``--cgi`` command line option
+   are not intended for use by untrusted clients and may be vulnerable
+   to exploitation. Always use within a secure environment.
+
  .. _http.server-security:
  
  Security Considerations
author	AN Long <aisk@users.noreply.github.com>
	Mon, 4 Mar 2024 11:54:46 +0000 (19:54 +0800)
committer	GitHub <noreply@github.com>
	Mon, 4 Mar 2024 11:54:46 +0000 (11:54 +0000)