cpython/Misc/NEWS.d/next/Security
Gregory P. Smith 4abab6b603
gh-87389: Fix an open redirection vulnerability in http.server. (#93879)
Fix an open redirection vulnerability in the `http.server` module when
a URI path starts with `//` that could produce a 301 Location header
with a misleading target.  Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).

Test and comments authored by Gregory P. Smith [Google].
2022-06-21 13:16:57 -07:00
2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst gh-68966: Make mailcap refuse to match unsafe filenames/types/params (GH-91993) 2022-06-03 11:43:35 +02:00
2022-05-19-08-53-07.gh-issue-92888.TLtR9W.rst gh-92888: Fix memoryview bad `__index__` use after free (GH-92946) 2022-06-17 23:14:53 +08:00
2022-06-03-12-52-53.gh-issue-79096.YVoxgC.rst gh-79096: Protect cookie file created by {LWP,Mozilla}CookieJar.save() (GH-93463) 2022-06-07 10:11:03 +02:00
2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst gh-87389: Fix an open redirection vulnerability in http.server. (#93879) 2022-06-21 13:16:57 -07:00
README.rst

Put news entry `blurb`_ files for the *Security* section in this directory.

.. _blurb: https://pypi.org/project/blurb/