New submission from Dong-hee Na: It was discovered that the FTP client implementation in the Networking component of Python failed to correctly handle user inputs. A remote attacker could possibly use this flaw to manipulate an FTP connection opened by a Python application if it could make it access a specially crafted FTP URL.
See http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html and https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-3533 I upload the patch for this issue. ---------- messages: 291988 nosy: corona10 priority: normal severity: normal status: open title: A remote attacker could possibly use this flaw to manipulate an FTP connection opened by a Python application type: security _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30119> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
