New submission from STINNER Victor <victor.stin...@gmail.com>: https://security-tracker.debian.org/tracker/CVE-2017-17522
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. ---------- components: Library (Lib) messages: 308572 nosy: vstinner priority: normal severity: normal status: open title: CVE-2017-17522: webbrowser.py in Python does not validate strings type: security versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue32367> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
