| commit | 8d24d77c63bdbf25d68bf0a6cad408d06abf2d00 | [log] [tgz] |
|---|---|---|
| author | Benjamin Peterson <benjamin@python.org> | Sat Jun 14 18:36:29 2014 -0700 |
| committer | Benjamin Peterson <benjamin@python.org> | Sat Jun 14 18:36:29 2014 -0700 |
| tree | 31f600e2a4e6d8d72191552d2a09f411604655d3 | |
| parent | ce817cb36d7e8764b5ddecadea4b02276879d631 [diff] [blame] |
url unquote the path before checking if it refers to a CGI script (closes #21766)
diff --git a/Misc/NEWS b/Misc/NEWS index b09bd84..310d237 100644 --- a/Misc/NEWS +++ b/Misc/NEWS
@@ -25,6 +25,9 @@ Library ------- +- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths + before checking for a CGI script at that path. + - Issue #21310: Fixed possible resource leak in failed open(). - Issue #21304: Backport the key derivation function hashlib.pbkdf2_hmac from