Gregory P. Smith 4abab6b603 gh-87389: Fix an open redirection vulnerability in http.server. (#93879) ...

Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target.  Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).

Test and comments authored by Gregory P. Smith [Google].

2022-06-21 13:16:57 -07:00

54 KiB

Raw Blame History

View Raw