urllib FTP protocol stream injection

FTP protocol stream injection via malicious URLs.

  • Disclosure date: 2017-02-20 (blog post, mail to oss-security)
  • Reported at: 2016-01-15 (email sent to the PSRT list)
  • Reported by: Timothy D. Morgan (Blindspot)

Vulnerable Versions

  • Python 2.7
  • Python 3.3
  • Python 3.4
  • Python 3.5
  • Python 3.6

Python issue

urllib FTP protocol stream injection.

  • Python issue: issue #29606
  • Creation date: 2017-02-20
  • Reporter: ecbftw

Timeline

Timeline using the disclosure date 2017-02-20 as reference:

  • 2016-01-15 (-402 days): Reported (email sent to the PSRT list)
  • 2017-02-20: Disclosure date (blog post, mail to oss-security)
  • 2017-02-20 (+0 days): Python issue #29606 reported by ecbftw