]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9b13df4) | patch
gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) (GH-94095)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Wed, 22 Jun 2022 22:05:00 +0000 (15:05 -0700)
committerGitHub <noreply@github.com>
Wed, 22 Jun 2022 22:05:00 +0000 (18:05 -0400)
commit8a34afd55258c721e446d6de4a70353c39a24148
tree13e01ad5cabed297b6b54bb247ceb44cbbbcc230tree | snapshot
parent9b13df4d24191ec7a1df7dbc00c2b7d250ca0c1ccommit | diff
gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) (GH-94095)

Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target.  Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).

Test and comments authored by Gregory P. Smith [Google].
(cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
Lib/http/server.py diff | blob | blame | history
Lib/test/test_httpservers.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git