CVE-2021-28861

HIGH Year: 2021
CVSS v3 Score
7.4
High
Weakness Type
CWE-601
View all →

Vulnerability Description

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Related Vulnerabilities

CVE-2016-0928

HIGH
CVSS:7.4(High)

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct p...

CWE-6012016

CVE-2016-1000001

HIGH
CVSS:7.4(High)

flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect

CWE-6012016

CVE-2016-3174

HIGH
CVSS:7.4(High)

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be prov...

CWE-6012016

CVE-2016-6657

HIGH
CVSS:7.4(High)

An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runti...

CWE-6012016

CVE-2017-18414

HIGH
CVSS:7.4(High)

cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).

CWE-6012017

CVE-2017-3085

HIGH
CVSS:7.4(High)

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

CWE-6012017