When the malicious data is processed by CPython 3.10.4, due to its handling of certain operations, an attacker could potentially execute system commands. This leads to a remote code execution (RCE) vulnerability.
Certain "ready-made" web applications running on this server version have been found to lack input sanitization in POST requests, allowing remote attackers to execute system commands (e.g., `ping`, `whoami`) directly through web forms [0.5.5].
The wsgiserver 0.2 implementation used in MkDocs 1.2.2 fails to properly sanitize URL paths, allowing the use of ../ sequences to escape the web root.
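The containment check that this class of path bug lacks, shown as an added example (not MkDocs or wsgiserver code): a hypothetical static-file resolver in its unchecked form beside a hardened one, run over a constructed temporary directory. The names `resolve_naive`, `resolve_contained` and `demo` and the file layout are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def resolve_naive(web_root: str, url_path: str) -> str:
    """'Before' form: joins the decoded URL path to the root with no check."""
    return os.path.normpath(os.path.join(web_root, unquote(url_path).lstrip("/")))


def resolve_contained(web_root: str, url_path: str):
    """Return a real file path inside web_root, or None if the request escapes it."""
    root = Path(web_root).resolve()
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    # resolve() collapses ".." and follows symlinks before the containment test
    candidate = (root / decoded.lstrip("/")).resolve()
    # is_relative_to (Python 3.9+) compares path components, so a sibling such as
    # "<root>-private" is not mistaken for a child the way str.startswith would
    if not candidate.is_relative_to(root):
        return None
    return candidate if candidate.is_file() else None


def demo():
    """Constructed layout: a web root, plus a file and a sibling dir outside it."""
    base = Path(tempfile.mkdtemp()).resolve()
    root = base / "site"
    root.mkdir()
    (root / "index.html").write_text("ok")
    (base / "secret.txt").write_text("outside")
    sibling = base / "site-private"
    sibling.mkdir()
    (sibling / "key.txt").write_text("outside")
    requests = ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt",
                "/../site-private/key.txt", "/missing.html"]
    results = {}
    for r in requests:
        naive_escapes = not Path(resolve_naive(str(root), r)).is_relative_to(root)
        served = resolve_contained(str(root), r)
        results[r] = (naive_escapes, served is not None)
    return results


if __name__ == "__main__":
    for req, (naive_escapes, served) in demo().items():
        print(f"{req:28} naive escapes root: {naive_escapes!s:5} hardened serves: {served}")
```

The check runs after percent-decoding and after symlink resolution, so an encoded `..` or a link pointing outside the root is rejected in the same way as a literal `../`.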