[$] A pair of Python vulnerabilities

Post Syndicated from original https://lwn.net/Articles/846847/rss

Two separate vulnerabilities led to the fast-tracked release of Python 3.9.2
and 3.8.8 on February 19, though source-only releases of 3.7.10 and 3.6.13
came a few days earlier. The vulnerabilities may be problematic for some
Python users and workloads; one could potentially lead to remote code
execution. The other is, arguably, not exactly a flaw in the Python standard
library—it simply also follows an older standard—but it can lead to web cache
poisoning attacks.