[3.6] bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505) by vstinner · Pull Request #13513 · python/cpython

The Wayback Machine - https://web.archive.org/web/20191217011334/https://github.com/python/cpython/pull/13513

Merged

…) (GH-13505)

CVE-2019-9948: Avoid file reading by disallowing local-file:// and
local_file:// URL schemes in URLopener().open() and
URLopener().retrieve() of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3)
(cherry picked from commit 34bab21)
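
The rejection described in the commit message above, shown on a small model; this is an added example, not code from this pull request or from CPython. `ModelOpener`, `handler_name` and `outcome` are hypothetical names, the URLs are constructed, and the handlers return strings instead of doing any I/O.

```python
class ModelOpener:
    """Toy opener that picks a handler method from the URL scheme (no real I/O)."""

    def __init__(self, reject_local_file):
        self.reject_local_file = reject_local_file

    @staticmethod
    def handler_name(url):
        # Split at the first ':' and build a method name from the scheme.
        # '-' becomes '_' so that the result is a valid attribute name.
        scheme, sep, _rest = url.partition(":")
        if not sep:
            scheme = ""
        return "open_" + scheme.lower().replace("-", "_")

    def open(self, url):
        name = self.handler_name(url)
        # Hardened form: the internal helper is never reachable as a scheme,
        # whichever spelling (local-file or local_file) produced its name.
        if self.reject_local_file and name == "open_local_file":
            raise OSError("url error: unknown url type")
        handler = getattr(self, name, None)
        if handler is None:
            raise OSError("url error: unknown url type")
        return handler(url)

    def open_http(self, url):
        return "network fetch"

    def open_file(self, url):
        # Public file handler; delegates to the internal helper below.
        return self.open_local_file(url)

    def open_local_file(self, url):
        # Internal helper. Its name alone makes it look like a scheme handler.
        return "local read"


def outcome(opener, url):
    """Return the handler's result, or 'rejected' if the opener refuses the URL."""
    try:
        return opener.open(url)
    except OSError:
        return "rejected"
```

In the model, both spellings named in the commit message resolve to the same method name, so a single comparison on the computed name covers them.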

ned-deily merged commit 4f06dae into python:3.6

May 29, 2019

6 checks passed

Azure Pipelines PR #20190527.4 succeeded

bedevere/issue-number Issue number 35907 found

bedevere/maintenance-branch-pr Valid maintenance branch PR title.

bedevere/news News entry found in Misc/NEWS.d

continuous-integration/appveyor/pr AppVeyor build succeeded

continuous-integration/travis-ci/pr The Travis CI build passed

vstinner deleted the vstinner:local_file36 branch

Jul 15, 2019