Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2021-28861

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 23 Π°Π²Π³. 2022
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: low
EPSS Низкий
CVSS3: 7.4

ОписаниС

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

not-affected

code not present
devel

DNE

esm-apps/focal

not-affected

code not present
esm-apps/jammy

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/xenial

not-affected

code not present
focal

not-affected

code not present
jammy

not-affected

code not present
kinetic

not-affected

code not present

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

jammy

released

3.10.6-1~22.04.1
kinetic

not-affected

3.10.7-1
lunar

DNE

mantic

DNE

trusty

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

devel

not-affected

3.11.2-6
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

jammy

not-affected

3.11.0~rc1-1~22.04
kinetic

not-affected

3.11.0~rc2-1
lunar

not-affected

3.11.2-6
mantic

not-affected

3.11.2-6
trusty

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

disputed
esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

trusty

ignored

end of standard support

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

disputed
esm-infra/focal

DNE

esm-infra/xenial

released

3.5.2-2ubuntu0~16.04.13+esm5
focal

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

ignored

end of standard support, was needed
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

disputed
esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

ignored

end of standard support, was needed
devel

DNE

esm-apps/bionic

not-affected

disputed
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

ignored

end of standard support, was needed
devel

DNE

esm-apps/bionic

not-affected

disputed
esm-infra-legacy/trusty

DNE

esm-infra/focal

not-affected

disputed
focal

not-affected

disputed
jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

devel

DNE

esm-apps/focal

released

3.9.5-3ubuntu0~20.04.1+esm1
esm-infra-legacy/trusty

DNE

focal

not-affected

disputed
jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

trusty

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 81%
0.01433
Низкий

7.4 High

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2021-28861

CVSS3: 7.4
redhat
большС 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2021-28861

CVSS3: 7.4
nvd
большС 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

msrc Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2021-28861

CVSS3: 7.4
msrc
большС 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2021-28861

CVSS3: 7.4
debian
большС 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Python 3.x through 3.10 has an open redirection vulnerability in lib/h ...

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2022:3940-1

suse-cvrf
большС 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Security update for python

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 81%
0.01433
Низкий

7.4 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2021-28861