New submission from yao zhihua <hackyzh...@gmail.com>: Due to the incomplete fix for CVE-2011-1521, urllib and urllib2 exist for this vulnerability and I tested on the version of Python 3.4.8 (default, Mar 4 2018, 20:37:04).I am sorry that I do not know how to fix it.
---------- components: Library (Lib) files: poc.py messages: 313212 nosy: yao zhihua priority: normal severity: normal status: open title: issue30657 Incomplete fix type: security versions: Python 3.4 Added file: https://bugs.python.org/file47469/poc.py _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue32993> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com