[security] Injecting environment variable in subprocess on Windows

BPO | [30730](https://bugs.python.org/issue30730)
--- | :---
Nosy | @birkenfeld, @pfmoore, @vstinner, @larryhastings, @tjguk, @benjaminp, @ned-deily, @zware, @serhiy-storchaka, @zooba
PRs | <li>python/cpython#2325</li><li>python/cpython#2360</li><li>python/cpython#2361</li><li>python/cpython#2362</li><li>python/cpython#2363</li><li>python/cpython#2372</li><li>python/cpython#2376</li><li>python/cpython#2378</li><li>python/cpython#2379</li>

<sup>*Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.*</sup>

<details><summary>Show more details</summary><p>

GitHub fields:
```python
assignee = 'https://github.com/serhiy-storchaka'
closed_at = <Date 2017-07-19.05:17:56.399>
created_at = <Date 2017-06-22.08:07:00.032>
labels = ['type-security', 'extension-modules', '3.7', 'release-blocker']
title = '[security] Injecting environment variable in subprocess on Windows'
updated_at = <Date 2019-05-10.18:17:07.168>
user = 'https://github.com/serhiy-storchaka'
```

bugs.python.org fields:
```python
activity = <Date 2019-05-10.18:17:07.168>
actor = 'ned.deily'
assignee = 'serhiy.storchaka'
closed = True
closed_date = <Date 2017-07-19.05:17:56.399>
closer = 'serhiy.storchaka'
components = ['Extension Modules']
creation = <Date 2017-06-22.08:07:00.032>
creator = 'serhiy.storchaka'
dependencies = []
files = []
hgrepos = []
issue_num = 30730
keywords = []
message_count = 23.0
messages = ['296618', '296725', '296728', '296729', '296753', '296760', '296767', '296769', '296772', '297175', '297449', '297468', '297472', '297936', '298145', '298146', '298147', '298148', '298151', '298218', '298222', '298628', '298865']
nosy_count = 10.0
nosy_names = ['georg.brandl', 'paul.moore', 'vstinner', 'larry', 'tim.golden', 'benjamin.peterson', 'ned.deily', 'zach.ware', 'serhiy.storchaka', 'steve.dower']
pr_nums = ['2325', '2360', '2361', '2362', '2363', '2372', '2376', '2378', '2379']
priority = 'release blocker'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue30730'
versions = ['Python 2.7', 'Python 3.3', 'Python 3.4', 'Python 3.5', 'Python 3.6', 'Python 3.7']
```

</p></details>


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[security] Injecting environment variable in subprocess on Windows #74915

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

BPO	30730
Nosy	@birkenfeld, @pfmoore, @vstinner, @larryhastings, @tjguk, @benjaminp, @ned-deily, @zware, @serhiy-storchaka, @zooba
PRs	bpo-30730: Prevent environment variables injection in subprocess on Windows. #2325 [3.6] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) #2360 [3.5] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) #2361 [security][3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) #2362 [security][3.3] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) #2363 [2.7] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) #2372 bpo-30745: Fix compiler warnings introduced in bpo-30730. #2376 [3.6] bpo-30745: Fix compiler warnings introduced in bpo-30730. (GH-2376) #2378 [3.5] bpo-30745: Fix compiler warnings introduced in bpo-30730. (GH-2376) #2379

Uh oh!

[security] Injecting environment variable in subprocess on Windows #74915

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions