gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) (GH-94094)
Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` that could produce a 301 Location header with a misleading target. Vulnerability discovered, and logic fix proposed, by Hamza Avvan (@hamzaavvan). Test and comments authored by Gregory P. Smith [Google]. (cherry picked from commit 4abab6b6) Co-authored-by:Gregory P. Smith <greg@krypto.org>
Loading
Please register or sign in to comment