[3.9] gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) by miss-islington · Pull Request #94093 · python/cpython
…pythonGH-93879) Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` that could produce a 301 Location header with a misleading target. Vulnerability discovered, and logic fix proposed, by Hamza Avvan (@hamzaavvan). Test and comments authored by Gregory P. Smith [Google]. (cherry picked from commit 4abab6b) Co-authored-by: Gregory P. Smith <greg@krypto.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters