Hi Server team,
could you, please, take a look into the following lines in wgsi.py:
def build_environ(self, scope, body):
...
environ = {
...
"SCRIPT_NAME": scope.get("root_path",
"").encode("utf8").decode("latin1"),
"PATH_INFO": scope["path"].encode("utf8").decode("latin1"),
"QUERY_STRING": scope["query_string"].decode("ascii"),
...
}
...
there is a concern around encode and decode non validated data that caught our
attention.
could you give us your feedback if you think that it is possible that someone
could
use malicious data in order to cause damage to the operation? (maybe some sort
of data
garbage in http headers)
thank you very much.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1953173
Title:
[MIR] python-asgiref
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-asgiref/+bug/1953173/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
