Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://python-security.readthedocs.io/vuln/cookie-path-check.html below:

Incorrect validation of path — Python Security 0.0 documentation

Warning

This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This database can be viewed online at the Open Source Vulnerability Database.

Cookies of example.com with path=/any were sent to example.com/anybad/ while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy. The code did not check for the first non-matching character in prefix match to be a slash.

Dates:

• Disclosure date: 2019-01-03 (Python issue bpo-35647 reported)

• Python 2.7.17 (2019-10-19) fixed by commit ee15aa2 (branch 2.7) (2019-06-15)

• Python 3.4.10 (2019-03-18) fixed by commit e260f09 (branch 3.5) (2019-03-16)

• Python 3.5.7 (2019-03-18) fixed by commit 382981b (branch 3.4) (2019-03-16)

• Python 3.6.9 (2019-07-02) fixed by commit 5565b1d (branch 3.6) (2019-03-12)

• Python 3.7.3 (2019-03-25) fixed by commit 97c7d78 (branch 3.7) (2019-03-10)

• Python 3.8.0 (2019-10-14) fixed by commit 0e1f1f0 (branch 3.8) (2019-03-10)

Cookie path check returns incorrect results.

• Python issue: bpo-35647

• Creation date: 2019-01-03

• Reporter: Karthikeyan Singaravelan

Timeline using the disclosure date 2019-01-03 as reference:

• 2019-01-03: Python issue bpo-35647 reported by Karthikeyan Singaravelan

• 2019-03-10 (+66 days): commit 0e1f1f0 (branch 3.8)

• 2019-03-10 (+66 days): commit 97c7d78 (branch 3.7)

• 2019-03-12 (+68 days): commit 5565b1d (branch 3.6)

• 2019-03-16 (+72 days): commit 382981b (branch 3.4)

• 2019-03-16 (+72 days): commit e260f09 (branch 3.5)

• 2019-03-18 (+74 days): Python 3.4.10 released

• 2019-03-18 (+74 days): Python 3.5.7 released

• 2019-03-25 (+81 days): Python 3.7.3 released

• 2019-06-15 (+163 days): commit ee15aa2 (branch 2.7)

• 2019-07-02 (+180 days): Python 3.6.9 released

• 2019-10-14: Python 3.8.0 released

• 2019-10-19 (+289 days): Python 2.7.17 released

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4