From: AN Long <aisk@users.noreply.github.com>
Date: Mon, 4 Mar 2024 11:54:38 +0000 (+0800)
Subject: gh-104711: Add security warning to the CGIHTTPRequestHandler document (GH-115915)
X-Git-Tag: v3.12.3~158
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=eb0603b855bb3928f34e3bff391e3a40fab95265;p=thirdparty%2FPython%2Fcpython.git

gh-104711: Add security warning to the CGIHTTPRequestHandler document (GH-115915)

(cherry picked from commit dac8ff4c401f75e65a5eef1514f2d7987e63bbfe)
---

diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst
index eb3a6a87a11e..e6d3bb45ef01 100644
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -507,6 +507,12 @@ the ``--cgi`` option::
 
         python -m http.server --cgi
 
+.. warning::
+
+   :class:`CGIHTTPRequestHandler` and the ``--cgi`` command line option
+   are not intended for use by untrusted clients and may be vulnerable
+   to exploitation. Always use within a secure environment.
+
 .. _http.server-security:
 
 Security Considerations