Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py because there is no protection against multiple slashes (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
Summary | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." | |
References |
|
|
03 May 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Dec 2022, 16:44
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/ - Mailing List, Third Party Advisory |
14 Nov 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Nov 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Oct 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Oct 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Oct 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Oct 2022, 17:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:* |
|
First Time | Fedoraproject, Fedoraproject fedora | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/ - Mailing List, Third Party Advisory |
01 Oct 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Sep 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Sep 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Aug 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." |
24 Aug 2022, 13:50
Type | Values Removed | Values Added |
---|---|---|
First Time | Python, Python python | |
CPE | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.4 |
CWE | CWE-601 | |
References | (MISC) https://bugs.python.org/issue43223 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://github.com/python/cpython/pull/24848 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/python/cpython/pull/93879 - Patch, Third Party Advisory |
23 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-23 01:15
Updated : 2024-04-11 01:11
NVD link : CVE-2021-28861
Mitre link : CVE-2021-28861
CVE.ORG link : CVE-2021-28861
Products Affected
python
- python
fedoraproject
- fedora
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')