osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] Fuzzing the Python standard library


On Tue, Jul 17, 2018 at 4:57 PM Jussi Judin <jjudin+python at iki.fi> wrote:

> Quick answer: undocumented billion laughs/exponential entity expansion
> type of an attack that is accessible through web through any library that
> uses fractions module to parse user input (that are actually available on
> Github).
>

Are you suggesting a warning in the fractions documentation to mention that
large numbers require large amounts of memory?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20180717/45d02a2a/attachment.html>