Internet Bug Bounty disclosed on HackerOne: Python vulnerability:...
- Added on 2023-08-13
- Page: https://hackerone.com/reports/12297
Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index. The bug is caused by allowing the user to...