Updated: 2025-12-28 04:13:23.925255
Description:
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
Links: NIST | CIRCL | RHEL | Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | HIGH | 7.4 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Debian 13 | python | 3.7 | 7.4 | HIGH | Not Vulnerable | | 2025-11-21 15:05:13 | |
| EL 10 | python | 3.6 | 7.4 | HIGH | Already Fixed | | 2025-10-29 18:42:58 | |
| EL 7 | python | 3.6 | 7.4 | HIGH | Released | CLSA-2025:1748350001 | 2025-05-28 00:19:32 | |
| EL 8 | python | 3.6 | 7.4 | HIGH | Released | CLSA-2025:1748351993 | 2025-05-28 00:19:31 | |
| EL 9 | python | 3.6 | 7.4 | HIGH | Released | CLSA-2025:1748352587 | 2025-05-28 00:19:28 | |
| Ubuntu 16.04 | python | 3.6 | 7.4 | HIGH | Already Fixed | | 2025-07-25 02:04:13 | |
| Ubuntu 18.04 | python | 3.6 | 7.4 | HIGH | Already Fixed | | 2025-07-25 02:04:12 | |
| Ubuntu 20.04 | python | 3.6 | 7.4 | HIGH | Already Fixed | | 2025-07-25 02:04:12 | |
| Ubuntu 22.04 | python | 3.6 | 7.4 | HIGH | Already Fixed | | 2025-07-25 02:04:13 | |
| Ubuntu 24.04 | python | 3.6 | 7.4 | HIGH | Already Fixed | | 2025-07-25 02:04:12 | |