[issue38243] A reflected XSS in python/Lib/DocXMLRPCServer.py

2019-09-20 Thread longwenzhang
New submission from longwenzhang: It's "Lib/DocXMLRPCServer.py" in Python 2.x or "Lib/xmlrpc/server.py" in Python 3.x. Steps to reproduce: 1. Lib/DocXMLRPCServer.py is “a documenting XML-RPC Server”. In the class ServerHTMLDoc, method markup(), will escape the Specia

[issue38230] A Path Traversal vulnerability in test/ssl_servers.py

2019-09-20 Thread longwenzhang
longwenzhang added the comment: It seems to be only used in test. Does it need to be repaired?

[issue38230] A Path Traversal vulnerability in ssl_servers.py

2019-09-20 Thread longwenzhang
New submission from longwenzhang: There is a Path Traversal vulnerability in https://github.com/python/cpython/blob/master/Lib/test/ssl_servers.py (on Windows platform). Steps to reproduce: 1. Run the script https://github.com/python/cpython/blob/master/Lib/test/ssl_servers.py 2. If you visit