Skip to content

[security][CVE-2020-27619] Python testsuite calls eval() on content received via HTTP #86110

New issue
New issue
Closed
Closed
[security][CVE-2020-27619] Python testsuite calls eval() on content received via HTTP#86110
Labels
3.10only security fixes3.7 (EOL)end of life3.8 (EOL)end of life3.9only security fixestestsTests in the Lib/test dirtype-securityA security issue
@serhiy-storchaka

Description

@serhiy-storchaka
serhiy-storchaka
opened on Oct 5, 2020
BPO 41944
Nosy @vstinner, @ned-deily, @zware, @serhiy-storchaka, @The-Compiler, @pablogsal, @miss-islington
PRs
  • bpo-41944: No longer call eval() on content received via HTTP in the CJK codec tests #22566
  • bpo-41944: No longer call eval() on content received via HTTP in the UnicodeNames tests #22575
  • [3.9] bpo-41944: No longer call eval() on content received via HTTP in the CJK codec tests (GH-22566) #22576
  • [3.8] bpo-41944: No longer call eval() on content received via HTTP in the CJK codec tests (GH-22566) #22577
  • [3.7] bpo-41944: No longer call eval() on content received via HTTP in the CJK codec tests (GH-22566) #22578
  • [3.6] bpo-41944: No longer call eval() on content received via HTTP in the CJK codec tests (GH-22566) #22579
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2020-10-20.04:47:52.035>
created_at = <Date 2020-10-05.14:40:52.277>
labels = ['type-security', '3.8', '3.9', '3.10', '3.7', 'tests']
title = '[security][CVE-2020-27619] Python testsuite calls eval() on content received via HTTP'
updated_at = <Date 2020-11-04.13:09:52.449>
user = 'https://github.com/serhiy-storchaka'

    bugs.python.org fields:

    activity = <Date 2020-11-04.13:09:52.449>
actor = 'vstinner'
assignee = 'none'
closed = True
closed_date = <Date 2020-10-20.04:47:52.035>
closer = 'ned.deily'
components = ['Tests']
creation = <Date 2020-10-05.14:40:52.277>
creator = 'serhiy.storchaka'
dependencies = []
files = []
hgrepos = []
issue_num = 41944
keywords = ['patch', 'security_issue']
message_count = 19.0
messages = ['378036', '378104', '378105', '378106', '378107', '378108', '378110', '378111', '378114', '378117', '378118', '378119', '378120', '378125', '379082', '379085', '379713', '380319', '380320']
nosy_count = 7.0
nosy_names = ['vstinner', 'ned.deily', 'zach.ware', 'serhiy.storchaka', 'The Compiler', 'pablogsal', 'miss-islington']
pr_nums = ['22566', '22575', '22576', '22577', '22578', '22579']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue41944'
versions = ['Python 3.6', 'Python 3.7', 'Python 3.8', 'Python 3.9', 'Python 3.10']

    Metadata

    Metadata

    Assignees

    No one assigned

      Labels

      3.10only security fixes3.7 (EOL)end of life3.8 (EOL)end of life3.9only security fixestestsTests in the Lib/test dirtype-securityA security issue

      Projects

      No projects

      Milestone

      No milestone

      Relationships

      None yet

      Development

      No branches or pull requests

      Issue actions