delta/cpython-git.git - github.com: python/cpython.git

diff options

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2022-06-21 14:36:55 -0700
committer	GitHub <noreply@github.com>	2022-06-21 14:36:55 -0700
commit	5715382d3a89ca118ce2e224d8c69550d21fe51b (patch)
tree	46ebc130ad6c07de319b0a9f7078766e2f6e4b22 /Lib/shutil.py
parent	1b8aa7aafd2ac07836777707fd9ba5ffb353eb0c (diff)
download	cpython-git-5715382d3a89ca118ce2e224d8c69550d21fe51b.tar.gz

gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879)

Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` that could produce a 301 Location header with a misleading target. Vulnerability discovered, and logic fix proposed, by Hamza Avvan (@hamzaavvan). Test and comments authored by Gregory P. Smith [Google]. (cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e) Co-authored-by: Gregory P. Smith <greg@krypto.org>

Diffstat (limited to 'Lib/shutil.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: