projects / python3.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 123e7a2) | patch
gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) (GH-94093)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Wed, 22 Jun 2022 08:42:02 +0000 (01:42 -0700)
committerRaspbian forward porter <root@raspbian.org>
Sat, 24 Jan 2026 09:41:14 +0000 (09:41 +0000)
commit5127e8d58e83ceb395efa8a48f8eeb455adae37d
tree2c7b0503f7a60ccf79eadb479d6eab31b2ea0325tree | snapshot
parent123e7a28b63808a291b80d742a75d892506e7ad6commit | diff
gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) (GH-94093)

Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target.  Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).

Test and comments authored by Gregory P. Smith [Google].
(cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
Gbp-Pq: Name 0008-gh-87389-Fix-an-open-redirection-vulnerability-in-ht.patch
Lib/http/server.py diff | blob | history
Lib/test/test_httpservers.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.