[security][CVE-2019-16935] A reflected XSS in python/Lib/DocXMLRPCServer.py #82424

Closed
@lwzSoviet

Description

BPO 38243
Nosy @vstinner, @larryhastings, @ned-deily, @JulienPalard, @corona10, @miss-islington, @tirkarthi, @lwzSoviet
PRs
  • bpo-38243: Escape the server_title of DocXMLRPCServer when rendering #16373
  • [3.8] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) #16439
  • [3.7] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) #16440
  • [3.6] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) #16441
  • [2.7] bpo-38243: Escape the server title of DocXMLRPCServer #16447
  • [3.5] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) (GH-16441) #16516
Files
  • poc.py

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = None
    closed_at = <Date 2019-10-29.05:43:00.681>
    created_at = <Date 2019-09-21.02:17:30.141>
    labels = ['type-security', '3.8', '3.7', 'library', '3.9']
    title = '[security][CVE-2019-16935] A reflected XSS in python/Lib/DocXMLRPCServer.py'
    updated_at = <Date 2020-03-23.14:58:02.727>
    user = 'https://github.com/lwzSoviet'

    bugs.python.org fields:

    activity = <Date 2020-03-23.14:58:02.727>
    actor = 'vstinner'
    assignee = 'none'
    closed = True
    closed_date = <Date 2019-10-29.05:43:00.681>
    closer = 'larry'
    components = ['Library (Lib)']
    creation = <Date 2019-09-21.02:17:30.141>
    creator = 'longwenzhang'
    dependencies = []
    files = ['48619']
    hgrepos = []
    issue_num = 38243
    keywords = ['patch', 'security_issue']
    message_count = 19.0
    messages = ['352921', '352922', '353132', '353140', '353169', '353170', '353301', '353395', '353403', '353404', '353407', '353418', '353440', '353668', '353677', '353689', '355614', '361819', '364855']
    nosy_count = 8.0
    nosy_names = ['vstinner', 'larry', 'ned.deily', 'mdk', 'corona10', 'miss-islington', 'xtreak', 'longwenzhang']
    pr_nums = ['16373', '16439', '16440', '16441', '16447', '16516']
    priority = 'high'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'security'
    url = 'https://bugs.python.org/issue38243'
    versions = ['Python 2.7', 'Python 3.5', 'Python 3.6', 'Python 3.7', 'Python 3.8', 'Python 3.9']
