]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ab624b) | patch
bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13513)
authorVictor Stinner <vstinner@redhat.com>
Wed, 29 May 2019 02:30:48 +0000 (04:30 +0200)
committerNed Deily <nad@python.org>
Wed, 29 May 2019 02:30:47 +0000 (22:30 -0400)
commit4f06dae5d8d4400ba38d8502da620f07d4a5696e
treebf6b1888fc9236807585abc228202b1588695680tree | snapshot
parent8ab624b17ba656e9af5a79be6af0cf2911a111bacommit | diff
bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13513)

CVE-2019-9948: Avoid file reading by disallowing local-file:// and
local_file:// URL schemes in URLopener().open() and
URLopener().retrieve() of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587)
(cherry picked from commit 34bab215596671d0dec2066ae7d7450cd73f638b)
Lib/test/test_urllib.py diff | blob | history
Lib/urllib/request.py diff | blob | history
Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.