Lucene search

K
nvd[email protected]NVD:CVE-2021-28861
HistoryAug 23, 2022 - 1:15 a.m.

CVE-2021-28861

2022-08-2301:15:07
CWE-601
web.nvd.nist.gov
7
python
open redirection
uri path
information disclosure
http server
security checks

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS

0.002

Percentile

59.7%

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states “Warning: http.server is not recommended for production. It only implements basic security checks.”

Affected configurations

Nvd
Node
pythonpythonRange3.0.03.7.14
OR
pythonpythonRange3.8.03.8.14
OR
pythonpythonRange3.9.03.9.14
OR
pythonpythonRange3.10.03.10.6
OR
pythonpythonMatch3.11.0alpha1
OR
pythonpythonMatch3.11.0alpha2
OR
pythonpythonMatch3.11.0alpha3
OR
pythonpythonMatch3.11.0alpha4
OR
pythonpythonMatch3.11.0alpha5
OR
pythonpythonMatch3.11.0alpha6
OR
pythonpythonMatch3.11.0alpha7
OR
pythonpythonMatch3.11.0beta1
OR
pythonpythonMatch3.11.0beta2
OR
pythonpythonMatch3.11.0beta3
Node
fedoraprojectfedoraMatch35
OR
fedoraprojectfedoraMatch36
OR
fedoraprojectfedoraMatch37
VendorProductVersionCPE
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*
Rows per page:
1-10 of 141

References

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS

0.002

Percentile

59.7%