Steven D'Aprano <steve+pyt...@pearwood.info> added the comment:
> loading the entire game or DNN (from STDIN) can be simply put into one line
> as `locals().update(eval(sys.stdin.read()))`

This is how you get command injection attacks.

https://owasp.org/www-community/attacks/Command_Injection

https://cwe.mitre.org/data/definitions/77.html

----------
nosy: +steven.daprano

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue44028>
_______________________________________
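
Added example, not part of the tracker comment or of CPython: the quoted `eval(sys.stdin.read())` pattern next to a loader that accepts only Python literals through `ast.literal_eval`. The function names, key names, size limit and sample inputs are constructed for illustration.

```python
import ast

# Constructed sample inputs (assumptions, not taken from the tracker issue).
GOOD_INPUT = '{"layers": [4, 8, 1], "lr": 0.01, "name": "demo"}'
# An expression rather than a literal. eval() runs the call; it is harmless
# here (it only reads the current directory) but shows that code executes.
HOSTILE_INPUT = '{"layers": __import__("os").getcwd()}'

MAX_INPUT_CHARS = 1_000_000  # assumed cap; literal_eval can still exhaust memory
ALLOWED_KEYS = frozenset({"layers", "lr", "name"})  # assumed schema


def load_with_eval(text):
    """The pattern from the quoted one-liner: the input is executed as code."""
    return eval(text)  # deliberately unsafe, kept to show the behaviour


def load_literal(text):
    """Accept only a dict literal with known keys; never execute the input."""
    if len(text) > MAX_INPUT_CHARS:
        raise ValueError("input too large")
    try:
        data = ast.literal_eval(text)  # rejects calls, names, attribute access
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError(f"input is not a plain literal: {exc}") from None
    if not isinstance(data, dict):
        raise ValueError("expected a dict at top level")
    unknown = set(data) - ALLOWED_KEYS
    if unknown:
        raise ValueError(f"unexpected keys: {sorted(map(repr, unknown))}")
    return data


def is_rejected(text):
    """True when load_literal refuses the input."""
    try:
        load_literal(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("literal loader, good input:", load_literal(GOOD_INPUT))
    print("literal loader rejects hostile input:", is_rejected(HOSTILE_INPUT))
    print("eval loader ran the embedded call:", load_with_eval(HOSTILE_INPUT))
```

The parsed dict is returned to the caller rather than merged into `locals()`, so input keys cannot shadow names in the program.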