Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

🗓️ 25 Aug 2022 07:00:00Reported by MicrosoftType

Python 3.x–3.10 open redirection in http.server.py from leading slashes; information disclosure risk; disputed.

Reporter	Title	Published	Views	Family All 280
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	6 Jul 202318:48	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	26 Apr 202319:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	12 Apr 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Verify Access	11 May 202316:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in Python (CVE-2021-28861)	3 May 202314:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Python	11 Jul 202313:33	–	ibm
Tenable Nessus	Amazon Linux 2 : python3 (ALAS-2022-1896)	7 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : python38 (ALASPYTHON3.8-2024-016)	13 Nov 202400:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0053: python3 (ALINUX3-SA-2023:0053)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : python3.9 (ALSA-2022:8353)	18 Nov 202200:00	–	nessus