Описание
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path. This issue may lead to information disclosure.
Отчет
Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide "symlinks" to the main python3 component, which provides the actual interpreter of the Python programming language.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | python | Not affected | ||
| Red Hat Enterprise Linux 7 | python | Not affected | ||
| Red Hat Enterprise Linux 7 | python3 | Out of support scope | ||
| Red Hat Enterprise Linux 8 | python2 | Not affected | ||
| Red Hat Enterprise Linux 8 | python27:2.7/python2 | Not affected | ||
| Red Hat Enterprise Linux 8 | python36 | Not affected | ||
| Red Hat Enterprise Linux 8 | python36:3.6/python36 | Not affected | ||
| Red Hat Enterprise Linux 8 | python38 | Affected | ||
| Red Hat Enterprise Linux 8 | python3 | Fixed | RHSA-2023:0833 | 21.02.2023 |
| Red Hat Enterprise Linux 8 | python38 | Fixed | RHSA-2023:2763 | 16.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS3
Связанные уязвимости
** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
Python 3.x through 3.10 has an open redirection vulnerability in lib/h ...
EPSS
7.4 High
CVSS3