gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) (GH-94093)
Fix an open redirection vulnerability in the `http.server` module when a URI path starts with `//` that could produce a 301 Location header with a misleading target. Vulnerability discovered, and logic fix proposed, by Hamza Avvan (@hamzaavvan).

Test and comments authored by Gregory P. Smith [Google].

(cherry picked from commit 4abab6b6)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
Showing
- Lib/http/server.py 7 additions, 0 deletions
- Lib/test/test_httpservers.py 51 additions, 2 deletions
- Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst 3 additions, 0 deletions
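
Why a Location value that begins with `//` is misleading, and the effect of collapsing the leading slashes before the redirect is built. This is an added example, not the code from this commit; the helper functions and host names are constructed for illustration, and the redirect is assumed to be the usual "append a trailing slash" 301.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample values (not from the commit).
SERVER_BASE = "http://files.internal.example:8000/"
REQUEST_PATH = "//other.example/docs"


def collapse_leading_slashes(path):
    """Reduce a run of leading '/' to a single one.

    A path that starts with '//' has the shape of a network-path reference
    (RFC 3986, section 4.2), so a client reads what follows as a host name.
    """
    if path.startswith("//"):
        return "/" + path.lstrip("/")
    return path


def trailing_slash_location(path):
    """Location value for a 301 that only appends the missing trailing slash."""
    return path if path.endswith("/") else path + "/"


def redirect_host(base_url, location):
    """Host a client lands on after resolving `location` against `base_url`."""
    return urlsplit(urljoin(base_url, location)).hostname


def stays_on_server(base_url, location):
    """True when following `location` keeps the client on the serving host."""
    return redirect_host(base_url, location) == urlsplit(base_url).hostname


if __name__ == "__main__":
    raw = trailing_slash_location(REQUEST_PATH)
    fixed = trailing_slash_location(collapse_leading_slashes(REQUEST_PATH))
    for label, location in (("raw", raw), ("collapsed", fixed)):
        print(f"{label:9} Location: {location:24} -> host "
              f"{redirect_host(SERVER_BASE, location)} "
              f"(same server: {stays_on_server(SERVER_BASE, location)})")
```
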