Florian Bruhin <[email protected]> added the comment:
> It is also not safe to pass data downloaded from untrusted source to eval(). To make matters worse, it's downloaded via HTTP (rather than HTTPS) - so anyone who can mess with the network of a machine running the Python testsuite can run arbitrary code on that machine. (I contacted [email protected] about this a couple of hours ago, but I guess this is effectively public now anyways :D) ---------- nosy: +The Compiler _______________________________________ Python tracker <[email protected]> <https://bugs.python.org/issue41940> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
