]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2ddbd21) | patch
bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474)
authorVictor Stinner <victor.stinner@gmail.com>
Wed, 22 May 2019 20:15:01 +0000 (22:15 +0200)
committerGitHub <noreply@github.com>
Wed, 22 May 2019 20:15:01 +0000 (22:15 +0200)
commit0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587
treed43ef81f590349a7e9d5cff0564f7b4667b43f2ctree | snapshot
parent2ddbd21aec7f0e2f237a1073d3e0b313e673413fcommit | diff
bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474)

CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL
scheme in URLopener().open() and URLopener().retrieve()
of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
Lib/test/test_urllib.py diff | blob | history
Lib/urllib/request.py diff | blob | history
Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.