|
Up to the RM team to decide is this minor security fix is worth going into such an old branch. Consider our statement about http.server in https://docs.python.org/3.7/library/http.server.html. |
Sorry, something went wrong.
|
Status check is done, and it's a success ✅ . |
Sorry, something went wrong.
Fix an open redirection vulnerability in the http.server module when
an URI path starts with // that could produce a 301 Location header
with a misleading target. Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).
Test and comments authored by Gregory P. Smith [Google].
(cherry picked from commit 4abab6b)
Co-authored-by: Gregory P. Smith greg@krypto.org