Florian Bruhin <python....@the-compiler.org> added the comment:
> It is also not safe to pass data downloaded from untrusted source to eval(). To make matters worse, it's downloaded via HTTP (rather than HTTPS) - so anyone who can mess with the network of a machine running the Python testsuite can run arbitrary code on that machine. (I contacted secur...@python.org about this a couple of hours ago, but I guess this is effectively public now anyways :D) ---------- nosy: +The Compiler _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue41940> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com