xml package does not obey ignore_environment

On two occasions, the xml package uses environment variables to override parser / DOM implementations: xml.sax package and xml.dom.domreg module. On both occasions, the code should not use env vars to override module names, when the interpreter is started with flags like -E or -I.

  • Disclosure date: 2018-09-24 (Python issue bpo-34791 reported)

Fixed In

Vulnerable Versions

  • Python 2.7
  • Python 3.4
  • Python 3.5
  • Python 3.6

Python issue

xml package does not obey sys.flags.ignore_environment.

  • Python issue: bpo-34791
  • Creation date: 2018-09-24
  • Reporter: Christian Heimes

Timeline

Timeline using the disclosure date 2018-09-24 as reference: