QwikSec

Security Database

CVE

CWE

Training

CVE-2021-28861

Published: Aug 23, 2022

Modified: Dec 17, 2025

PUBLISHED

Description

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.python.org/issue43223

https://github.com/python/cpython/pull/93879

https://github.com/python/cpython/pull/24848

FEDORA-2022-f511f8f58b

vendor-advisory

FEDORA-2022-7fff0f2b0b

vendor-advisory

FEDORA-2022-a27e239f5a

vendor-advisory

FEDORA-2022-a2be4bd5d8

vendor-advisory

FEDORA-2022-15f1aa7dc7

vendor-advisory

FEDORA-2022-fde69532df

vendor-advisory

FEDORA-2022-61d8e8d880

vendor-advisory

FEDORA-2022-4ac2e16969

vendor-advisory

FEDORA-2022-2173709172

vendor-advisory

FEDORA-2022-01d5789c08

vendor-advisory

FEDORA-2022-d1682fef04

vendor-advisory

FEDORA-2022-79843dfb3c

vendor-advisory

FEDORA-2022-20116fb6aa

vendor-advisory

FEDORA-2022-7ca361a226

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.