cpython.git - https://github.com/python/cpython.git

diff options

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2022-06-22 08:42:02 (GMT)
committer	GitHub <noreply@github.com>	2022-06-22 08:42:02 (GMT)
commit	defaa2b19a9a01c79c1d5641a8aa179bb10ead3f (patch)
tree	3f14f8a13c04f557f301c6a4a43eb9051bee161f /Python/pythonrun.c
parent	893adbf001e1d47b17180e471439571522338e28 (diff)
download	cpython-defaa2b19a9a01c79c1d5641a8aa179bb10ead3f.zip cpython-defaa2b19a9a01c79c1d5641a8aa179bb10ead3f.tar.gz cpython-defaa2b19a9a01c79c1d5641a8aa179bb10ead3f.tar.bz2

gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) (GH-94093)

Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` that could produce a 301 Location header with a misleading target. Vulnerability discovered, and logic fix proposed, by Hamza Avvan (@hamzaavvan). Test and comments authored by Gregory P. Smith [Google]. (cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e) Co-authored-by: Gregory P. Smith <greg@krypto.org>

Diffstat (limited to 'Python/pythonrun.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: