-
Licaon_Kter
Heads up #python https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
-
mathieui
Licaon_Kter: sounds critical but who is passing user-generated data to ctypes?
-
jonas’
mathieui, step 1: take float from an API request, step 2: feed it into a library which is using ctypes?
-
mathieui
Yeah, I am just supposing that it is not very common to do so
-
tom
Not sending user generated input to exec() like a real programmer
-
jonas’
I don’t quite understand the scope of the vulnerability, but to me it reads as if it may be sufficient to pass some floats to numpy
-
jonas’
and print the array
-
Kris
does anyone know something like this but less abandoned? https://github.com/rakoo/ircg
-
Kris
this seems even more abandoned: https://github.com/kkaefer/medium
-
Kris
also found this: https://github.com/moparisthebest/xmpp-ircd
-
Kris
not sure if any better