[issue32993] issue30657 Incomplete fix

2018-03-04 Thread yao zhihua
yao zhihua added the comment: Okay, my fault. I made the wrong issue. The issue is issue11662. The urlopen function can use the file protocol; when an attacker inputs file:///etc/passwd, it can leak the contents of the passwd file.
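
A defensive sketch for the behaviour described in the comment above (added example, not part of the thread and not CPython's own fix): it allowlists URL schemes before fetching and uses an opener with no file handler installed. The names check_url, UnsafeURL, CheckedRedirectHandler, build_web_only_opener and safe_urlopen are hypothetical, and it assumes the application only needs http and https.

```python
import urllib.request
from urllib.parse import urlsplit

# Assumption: the application only ever needs to fetch web URLs.
ALLOWED_SCHEMES = {"http", "https"}


class UnsafeURL(ValueError):
    """Raised when a URL uses a scheme outside the allowlist."""


def check_url(url):
    """Return the stripped URL if its scheme is allowlisted, else raise."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL("scheme %r not allowed: %r" % (scheme, url))
    return url


class CheckedRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Re-apply the allowlist on every redirect hop."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        check_url(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_web_only_opener():
    """Opener with HTTP(S) handlers only: no FileHandler, no FTPHandler."""
    opener = urllib.request.OpenerDirector()
    for handler in (
        urllib.request.HTTPHandler(),
        urllib.request.HTTPSHandler(),
        CheckedRedirectHandler(),
        urllib.request.HTTPDefaultErrorHandler(),
        urllib.request.HTTPErrorProcessor(),
        urllib.request.UnknownHandler(),  # turns any other scheme into URLError
    ):
        opener.add_handler(handler)
    return opener


def safe_urlopen(url, timeout=10):
    """Fetch an untrusted URL; file:, ftp: and bare paths are refused."""
    return build_web_only_opener().open(check_url(url), timeout=timeout)
```

The scheme check and the restricted opener are independent layers: even if a caller skips check_url, the opener has no handler registered for file: and raises URLError.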

[issue32993] issue30657 Incomplete fix

2018-03-04 Thread Senthil Kumaran
Senthil Kumaran added the comment: @Yao, sorry, I don't understand it. What is POC trying to demonstrate? How is it related to https://bugs.python.org/issue30657 And CVE is this: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 -- nosy: +orsenthil

[issue32993] issue30657 Incomplete fix

2018-03-04 Thread yao zhihua
New submission from yao zhihua: Due to the incomplete fix for CVE-2011-1521, this vulnerability exists in urllib and urllib2, and I tested on the version of Python 3.4.8 (default, Mar 4 2018, 20:37:04). I am sorry that I do not know how to fix it. -- components: Library (Lib) files: poc