Hi Server team, could you please take a look at the following lines in wsgi.py:

    def build_environ(self, scope, body):
        ...
        environ = {
            ...
            "SCRIPT_NAME": scope.get("root_path", "").encode("utf8").decode("latin1"),
            "PATH_INFO": scope["path"].encode("utf8").decode("latin1"),
            "QUERY_STRING": scope["query_string"].decode("ascii"),
            ...
        }
        ...

There is a concern around encoding and decoding non-validated data that caught our attention. Could you give us your feedback on whether you think it is possible that someone could use malicious data in order to cause damage to the operation (maybe some sort of garbage data in HTTP headers)?

Thank you very much.

--
https://bugs.launchpad.net/bugs/1953173

Title:
  [MIR] python-asgiref
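For reviewers weighing the question above, the following added example (not part of the original message and not asgiref's own code) isolates the three quoted conversions and runs them over constructed scopes to show which inputs are transcoded and which raise a codec error. The helper names and the sample scopes are assumptions, and whether a given ASGI server can actually deliver such values is not established by the message.

```python
# Added illustration: helper names are hypothetical, sample scopes are constructed.

def build_environ_fields(scope):
    """The three conversions quoted in the message, isolated from build_environ."""
    return {
        "SCRIPT_NAME": scope.get("root_path", "").encode("utf8").decode("latin1"),
        "PATH_INFO": scope["path"].encode("utf8").decode("latin1"),
        "QUERY_STRING": scope["query_string"].decode("ascii"),
    }


def check_scope(scope):
    """Return (fields, None) on success, or (None, reason) on a codec failure."""
    try:
        return build_environ_fields(scope), None
    except UnicodeDecodeError as exc:
        return None, f"decode failed: {exc.encoding} at byte {exc.start}"
    except UnicodeEncodeError as exc:
        return None, f"encode failed: {exc.encoding} at char {exc.start}"


def wsgi_app_view(value):
    """Recover the original bytes the way a PEP 3333 application would."""
    return value.encode("latin1")


# Constructed sample scopes (not captured traffic).
SAMPLES = {
    # Pure ASCII: passes through unchanged.
    "plain": {"path": "/items", "query_string": b"id=1"},
    # Non-ASCII path: UTF-8 bytes are carried as latin-1 code points, never raises.
    "non_ascii_path": {"path": "/caf\u00e9", "query_string": b""},
    # Byte >= 0x80 in the query string: the strict ASCII decode raises.
    "raw_byte_in_query": {"path": "/", "query_string": b"q=\xff"},
    # Lone surrogate in the path (assumed reachable only if the server decoded
    # the path with surrogateescape): the UTF-8 encode raises.
    "lone_surrogate_path": {"path": "/\udcff", "query_string": b""},
}


def run_samples():
    return {name: check_scope(scope) for name, scope in SAMPLES.items()}


if __name__ == "__main__":
    for name, (fields, err) in run_samples().items():
        print(f"{name:20} ->", fields if err is None else err)
```

The latin-1 decode cannot fail because every byte value maps to a code point, so the only exceptions these lines can raise are the strict ASCII decode of `query_string` and the UTF-8 encode of a string containing lone surrogates. None of the three conversions validates content.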