Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-28861

** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.python.or...
MISC: https://github.com/pyt...
MISC: https://github.com/pyt...
FEDORA: FEDORA-2022-f511f8f58b
FEDORA: FEDORA-2022-7fff0f2b0b
FEDORA: FEDORA-2022-a27e239f5a
FEDORA: FEDORA-2022-a2be4bd5d8
FEDORA: FEDORA-2022-15f1aa7dc7
FEDORA: FEDORA-2022-fde69532df
FEDORA: FEDORA-2022-4ac2e16969
FEDORA: FEDORA-2022-61d8e8d880
FEDORA: FEDORA-2022-01d5789c08
FEDORA: FEDORA-2022-2173709172
FEDORA: FEDORA-2022-d1682fef04
FEDORA: FEDORA-2022-20116fb6aa
FEDORA: FEDORA-2022-79843dfb3c
FEDORA: FEDORA-2022-7ca361a226
GENTOO: GLSA-202305-02

Launchpad.net

CVE 2021-28861

Related bugs

References