Lucene search

K
cveMitreCVE-2021-28861
HistoryAug 23, 2022 - 1:15 a.m.

CVE-2021-28861

2022-08-2301:15:07
CWE-601
mitre
web.nvd.nist.gov
368
10
python
cve-2021-28861
open redirection
information disclosure
security vulnerability

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

59.7%

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states “Warning: http.server is not recommended for production. It only implements basic security checks.”

Affected configurations

Nvd
Node
pythonpythonRange3.0.03.7.14
OR
pythonpythonRange3.8.03.8.14
OR
pythonpythonRange3.9.03.9.14
OR
pythonpythonRange3.10.03.10.6
OR
pythonpythonMatch3.11.0alpha1
OR
pythonpythonMatch3.11.0alpha2
OR
pythonpythonMatch3.11.0alpha3
OR
pythonpythonMatch3.11.0alpha4
OR
pythonpythonMatch3.11.0alpha5
OR
pythonpythonMatch3.11.0alpha6
OR
pythonpythonMatch3.11.0alpha7
OR
pythonpythonMatch3.11.0beta1
OR
pythonpythonMatch3.11.0beta2
OR
pythonpythonMatch3.11.0beta3
Node
fedoraprojectfedoraMatch35
OR
fedoraprojectfedoraMatch36
OR
fedoraprojectfedoraMatch37
VendorProductVersionCPE
pythonpython3.11.0cpe:/a:python:python:3.11.0:alpha6::
pythonpython3.11.0cpe:/a:python:python:3.11.0:beta2::
pythonpython3.11.0cpe:/a:python:python:3.11.0:alpha7::
pythonpython3.11.0cpe:/a:python:python:3.11.0:alpha3::
pythonpython3.11.0cpe:/a:python:python:3.11.0:beta1::
pythonpython3.11.0cpe:/a:python:python:3.11.0:alpha1::
pythonpython3.11.0cpe:/a:python:python:3.11.0:alpha4::
pythonpython3.11.0cpe:/a:python:python:3.11.0:beta3::
pythonpython3.11.0cpe:/a:python:python:3.11.0:alpha5::
pythonpython3.11.0cpe:/a:python:python:3.11.0:alpha2::

References

Social References

More

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

59.7%