References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

CWE-400

https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c

https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84

https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca

https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742

https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba

https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c

If the value passed to os.path.expandvars() is user-controlled a 
performance degradation is possible when expanding environment 
variables.

AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

https://github.com/python/cpython/issues/136065

https://mail.python.org/archives/list/[email protected]/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/