Description

** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Remediation

References

CVE-2021-28861

Related Vulnerabilities

WordPress Plugin Email Queue by BestWebSoft Cross-Site Request Forgery (1.0.0)

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8831)

WordPress Plugin Zedna Contact form Arbitrary File Upload (1.0)

Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1826)

WordPress Plugin Easing Slider Multiple Cross-Site Scripting Vulnerabilities (2.2.0.6)

Severity

High

Classification

CVE-2021-28861 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities