CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
59.7%
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states “Warning: http.server is not recommended for production. It only implements basic security checks.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | pypy3 | < 7.3.10+dfsg-1 | pypy3_7.3.10+dfsg-1_all.deb |
Debian | 11 | all | pypy3 | <= 7.3.5+dfsg-2+deb11u2 | pypy3_7.3.5+dfsg-2+deb11u2_all.deb |
Debian | 999 | all | pypy3 | < 7.3.10+dfsg-1 | pypy3_7.3.10+dfsg-1_all.deb |
Debian | 13 | all | pypy3 | < 7.3.10+dfsg-1 | pypy3_7.3.10+dfsg-1_all.deb |
Debian | 11 | all | python2.7 | <= 2.7.18-8+deb11u1 | python2.7_2.7.18-8+deb11u1_all.deb |
Debian | 12 | all | python3.11 | < 3.11.0~b4-1 | python3.11_3.11.0~b4-1_all.deb |
Debian | 11 | all | python3.9 | <= 3.9.2-1 | python3.9_3.9.2-1_all.deb |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
59.7%