python3.10:bookworm is vulnerable to Information Disclosure.The vulnerability exits in server.py
due to lack of protection against multiple (/) at the beginning of URI path which allows an attacker to gain access to information in the file system.
bugs.python.org/issue43223
github.com/python/cpython/pull/24848
github.com/python/cpython/pull/93879
lists.fedoraproject.org/archives/list/[email protected]/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/
lists.fedoraproject.org/archives/list/[email protected]/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/
lists.fedoraproject.org/archives/list/[email protected]/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/
lists.fedoraproject.org/archives/list/[email protected]/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/
lists.fedoraproject.org/archives/list/[email protected]/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/
lists.fedoraproject.org/archives/list/[email protected]/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/
lists.fedoraproject.org/archives/list/[email protected]/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/
lists.fedoraproject.org/archives/list/[email protected]/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/
lists.fedoraproject.org/archives/list/[email protected]/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/
lists.fedoraproject.org/archives/list/[email protected]/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/
lists.fedoraproject.org/archives/list/[email protected]/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/
lists.fedoraproject.org/archives/list/[email protected]/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/
lists.fedoraproject.org/archives/list/[email protected]/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/
lists.fedoraproject.org/archives/list/[email protected]/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/
security-tracker.debian.org/tracker/CVE-2021-28861
security.gentoo.org/glsa/202305-02