Skip to content
Snippets Groups Projects
Unverified Commit 4abab6b6 authored by Gregory P. Smith's avatar Gregory P. Smith Committed by GitHub
Browse files

gh-87389: Fix an open redirection vulnerability in http.server. (#93879) 

Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target.  Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).

Test and comments authored by Gregory P. Smith [Google].
parent 07095867
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment