[issue40932] subprocess docs don't qualify the instruction to use shlex.quote by OS

2020-06-09 Thread Stephen Farris
New submission from Stephen Farris: The subprocess docs state: "When using shell=True, the shlex.quote() function can be used to properly escape whitespace and shell metacharacters in strings that are going to be used to construct shell commands." While this is true on Unix, it i

[issue40932] subprocess docs don't qualify the instruction to use shlex.quote by OS

2020-06-09 Thread Stephen Farris
Change by Stephen Farris: type: -> security. Python tracker <https://bugs.python.org/issue40932>

[issue22885] Arbitrary code execution vulnerability due to unchecked eval() call in dumbdbm module

2014-11-16 Thread Stephen Farris
New submission from Stephen Farris: The dumbdbm module uses an unchecked call to eval() in the _update method, which is called in response to a call to dumbdbm.open(), and is used to load the index from the directory file.  This poses a security vulnerability because it allows an attacker to