Georgi Guninski highlights an insecure code example (an XSS vulnerability) in Python's official documentation, specifically in the documentation of the cgi module. Because documentation examples get copied into real applications, this potentially affects Python web development and contributes to vulnerabilities in popular sites such as ChatGPT and DeepSeek. Although the cgi module was deprecated in Python 3.11 and removed in 3.13, a significant amount of legacy Python CGI code remains in use. Guninski stresses the value of reading documentation closely and notes how surprising it is that this insecure example survived for so long. The post raises awareness of the need for proper mitigation in Python development.
https://seclists.org/fulldisclosure/2025/Feb/15
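The insecure pattern the post describes, shown beside its fix, as an added example that is not from the Python documentation or from Guninski's post. It assumes the documentation example echoes form field values into HTML without escaping; the field names, the query string and the `parse_form` helper are constructed here, and the deprecated `cgi` module is avoided so the block runs on Python 3.13, where it has been removed:

```python
from html import escape
from urllib.parse import parse_qs


def parse_form(query_string: str) -> dict[str, str]:
    """Parse a query string into first-value-wins fields.
    Constructed stand-in for cgi.FieldStorage, which is gone in Python 3.13."""
    return {k: v[0] for k, v in parse_qs(query_string, keep_blank_values=True).items()}


def render_insecure(form: dict[str, str]) -> str:
    """Vulnerable rendering (assumed shape of the documentation example):
    field values are interpolated into HTML unchanged, so any markup the
    client supplies is returned to the browser as markup (XSS)."""
    return "<p>name: {}</p><p>addr: {}</p>".format(
        form.get("name", ""), form.get("addr", "")
    )


def render_hardened(form: dict[str, str]) -> str:
    """Fixed rendering: html.escape() converts <, >, &, and quotes to
    entities, so client input is displayed as text, never parsed as HTML."""
    return "<p>name: {}</p><p>addr: {}</p>".format(
        escape(form.get("name", ""), quote=True),
        escape(form.get("addr", ""), quote=True),
    )


def reflects_markup(rendered: str, field_value: str) -> bool:
    """Review check: does a tag-bearing input value appear verbatim in the output?"""
    return "<" in field_value and field_value in rendered


if __name__ == "__main__":
    # Constructed input: the name field carries a harmless HTML tag.
    constructed = "name=%3Cb%3EAlice%3C%2Fb%3E&addr=1+Main+St"
    form = parse_form(constructed)
    print(render_insecure(form))  # the <b> tag reaches the page intact
    print(render_hardened(form))  # shown as &lt;b&gt;Alice&lt;/b&gt;
```

The `reflects_markup` check is the kind of assertion worth adding to a test suite for any legacy CGI handler that still builds HTML by string formatting.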