Why is this Python command injection possible?

Why is this Python command injection possible in a media service? The Python code builds a shell command with user input and runs it with shell=True. In Python backends this allows attackers to execute commands.

#whatswrongwiththispythoncode #pythonbug #pythonproductionbug #pythondebugging #pythonbackend #pythoncodereview #pythonmistake #pythonbestpractices #pythonreliability #pythonincident #pythona...

https://www.youtube.com/watch?v=4Bkzc5ZVrxE

Why is this Python command injection possible? #pythonvulnerability

YouTube
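An added example, not the video's code, contrasting the shell=True pattern the post describes with a hardened version that validates the name and hands an argument list straight to the process; the ffprobe command, MEDIA_ROOT and all function names are assumptions.

```python
import re
import shlex
import subprocess
from pathlib import Path

# Constructed setting (assumption): a media service that probes an uploaded
# file with ffprobe. Only names of this shape are accepted by the safe path.
MEDIA_ROOT = Path("/srv/media/uploads")
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def unsafe_probe_command(filename: str) -> str:
    """The vulnerable pattern: user input concatenated into one shell string.
    Run with shell=True, /bin/sh parses ';', '|', '$(...)' and friends inside
    `filename` as shell syntax, so the caller no longer decides what runs."""
    return f"ffprobe -show_format {filename}"


def validate_name(filename: str) -> Path:
    """Allowlist the name and confine the resolved path to MEDIA_ROOT."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    target = (MEDIA_ROOT / filename).resolve()
    # Defence in depth: anything that escapes the root raises ValueError.
    target.relative_to(MEDIA_ROOT.resolve())
    return target


def safe_probe_command(filename: str) -> list[str]:
    """Hardened form: argv as a list, no shell, the name is one argument.
    The absolute path starts with '/', so it can never be read as an option."""
    return ["ffprobe", "-show_format", str(validate_name(filename))]


def run_probe(filename: str) -> subprocess.CompletedProcess:
    # shell=False (the default) passes the list to execve; metacharacters in
    # the name stay literal bytes of a single argv entry.
    return subprocess.run(safe_probe_command(filename), capture_output=True, check=False)


def quoted_for_shell(filename: str) -> str:
    """If a shell is unavoidable (pipelines, globs), shlex.quote turns the value
    into one single-quoted literal. Shown alone here; in a service it belongs
    behind validate_name, since quoting is weaker than avoiding the shell."""
    return "ffprobe -show_format " + shlex.quote(filename)
```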

One bug in #PyPy fixed, and #IPython in #Gentoo is on #PyPy 3.11.

One bug in the #Python standard library fixed, #Django in Gentoo is on PyPy 3.11.

I'd say a pretty successful day.

https://github.com/pypy/pypy/pull/5239
https://github.com/python/cpython/pull/130962

#Python

Fix `LOAD_GLOBAL` disassembly on PyPy3.11 by mgorny · Pull Request #5239 · pypy/pypy

Disable the special branch for LOAD_GLOBAL disassembly introduced in CPython 3.11. The bytecode in PyPy has not been changed, and it causes incorrect disassembly. Fixes #5238

GitHub