by drdaeman 3627 days ago
There are mentions of Python... Does this affect WSGI applications, in particular, uWSGI?

AFAIK, uWSGI somewhat resembles but doesn't emulate CGI (unlike how FastCGI works), and WSGI application's `environ` parameter isn't related to `os.environ`, so it should be safe. But I may be mistaken here...

1 comments

I don't know about uWSGI, but here is what it says at httpoxy.org:

----

Python code must be deployed under CGI to be vulnerable. Usually, that’ll mean the vulnerable code will use a CGI handler like wsgiref.handlers.CGIHandler.

This is not considered a normal way of deploying Python webapps (most people are using WSGI or FastCGI, both of which are not affected),

btw, the reference FastCGI C library libfcgi also alters the environment to emulate legacy CGI and may also be vulnerable (haven't checked).
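
The distinction discussed in this thread, as an added example that is not part of the original posts or of httpoxy.org: under CGI a `Proxy` request header ends up as `HTTP_PROXY` in the process environment, while a WSGI server keeps it in the per-request `environ` dict. The helper names, the `DropProxyHeader` middleware and the sample header values are assumptions constructed for illustration.

```python
import os

def cgi_meta_variables(headers):
    """Map request headers to CGI meta-variables as RFC 3875 describes:
    'Proxy' -> 'HTTP_PROXY', 'User-Agent' -> 'HTTP_USER_AGENT'."""
    return {"HTTP_" + k.upper().replace("-", "_"): v for k, v in headers.items()}

def process_env_exposed(process_env):
    """True when the process looks like a CGI child (GATEWAY_INTERFACE set)
    and a client-controlled HTTP_PROXY sits in its process environment."""
    return "GATEWAY_INTERFACE" in process_env and "HTTP_PROXY" in process_env

def scrub_cgi_process_env(process_env=os.environ):
    """Call first in a CGI script: drop the header-derived variable before any
    HTTP client library reads proxy settings from the environment."""
    if "GATEWAY_INTERFACE" in process_env:
        process_env.pop("HTTP_PROXY", None)

class DropProxyHeader:
    """WSGI middleware (hypothetical name): remove the Proxy header from the
    per-request environ so code that copies environ into os.environ cannot
    reintroduce it."""
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        environ.pop("HTTP_PROXY", None)
        return self.app(environ, start_response)

def demo():
    # Constructed request headers; proxy.invalid is a placeholder host.
    meta = cgi_meta_variables({"Proxy": "http://proxy.invalid:8080", "Host": "app.example"})
    # CGI: the web server places meta-variables in the child's process environment.
    cgi_env = {"GATEWAY_INTERFACE": "CGI/1.1", "REQUEST_METHOD": "GET", **meta}
    before = process_env_exposed(cgi_env)
    scrub_cgi_process_env(cgi_env)
    after = process_env_exposed(cgi_env)
    # WSGI server: the same keys land in a per-request dict, process env untouched.
    wsgi_environ = {"REQUEST_METHOD": "GET", **meta}
    seen = {}
    def app(environ, start_response):
        seen["has_proxy"] = "HTTP_PROXY" in environ
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]
    body = DropProxyHeader(app)(wsgi_environ, lambda status, hdrs: None)
    return before, after, seen["has_proxy"], body

if __name__ == "__main__":
    print(demo())
```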