7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
7.1 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
59.5%
DISPUTED Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states “Warning: http.server is not recommended for production. It only implements basic security checks.”
CPE | Name | Operator | Version |
---|---|---|---|
fedora | eq | 35 | |
fedora | eq | 36 | |
fedora | eq | 37 | |
python | eq | 3.11.0 alpha2 | |
python | eq | 3.11.0 alpha3 | |
python | eq | 3.11.0 alpha4 | |
python | eq | 3.11.0 alpha5 | |
python | eq | 3.11.0 alpha6 | |
python | eq | 3.11.0 alpha1 | |
python | ge | 3.8.0 |
bugs.python.org/issue43223
github.com/python/cpython/pull/24848
github.com/python/cpython/pull/93879
lists.fedoraproject.org/archives/list/[email protected]/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/
lists.fedoraproject.org/archives/list/[email protected]/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/
lists.fedoraproject.org/archives/list/[email protected]/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/
lists.fedoraproject.org/archives/list/[email protected]/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/
lists.fedoraproject.org/archives/list/[email protected]/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/
lists.fedoraproject.org/archives/list/[email protected]/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/
lists.fedoraproject.org/archives/list/[email protected]/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/
lists.fedoraproject.org/archives/list/[email protected]/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/
lists.fedoraproject.org/archives/list/[email protected]/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/
lists.fedoraproject.org/archives/list/[email protected]/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/
lists.fedoraproject.org/archives/list/[email protected]/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/
lists.fedoraproject.org/archives/list/[email protected]/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/
lists.fedoraproject.org/archives/list/[email protected]/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/
lists.fedoraproject.org/archives/list/[email protected]/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/
security.gentoo.org/glsa/202305-02
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
7.1 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
59.5%