{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28861", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "url": "https://bugs.python.org/issue43223", "refsource": "MISC", "name": "https://bugs.python.org/issue43223" }, { "refsource": "MISC", "name": "https://github.com/python/cpython/pull/93879", "url": "https://github.com/python/cpython/pull/93879" }, { "refsource": "MISC", "name": "https://github.com/python/cpython/pull/24848", "url": "https://github.com/python/cpython/pull/24848" }, { "refsource": "FEDORA", "name": "FEDORA-2022-f511f8f58b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-7fff0f2b0b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-a27e239f5a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-a2be4bd5d8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-15f1aa7dc7", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-fde69532df", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-61d8e8d880", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-4ac2e16969", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-2173709172", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-01d5789c08", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-d1682fef04", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-79843dfb3c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-20116fb6aa", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-7ca361a226", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/" }, { "refsource": "GENTOO", "name": "GLSA-202305-02", "url": "https://security.gentoo.org/glsa/202305-02" } ] } }