Alpaquita Linux Security Advisory

CVE-2021-28861

Published: August 23, 2022
Last modified: November 8, 2023

Description

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Severity score breakdown

Parameter              Value
Base score             7.4
Attack Vector          NETWORK
Attack complexity      LOW
Privileges required    NONE
User interaction       REQUIRED
Scope                  CHANGED
Confidentiality        HIGH
Integrity impact       NONE
Availability impact    NONE
Vector                 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Status

Product            Release    Package    Status
Alpaquita Linux    23 LTS     rust       Not affected (1.64.0-r2)
Alpaquita Linux    Stream     rust       Not affected (1.71.1-r1)
