N/A

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

N/A

N/A

Python 输入验证错误漏洞

Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python 3.x系列版本中 3.10之前版本存在输入验证错误漏洞，该漏洞源于在 lib/http/server.py 中存在一个开放重定向漏洞，因为没有针对 URI 路径开头的多个 (/) 的保护，这可能导致信息泄露。

N/A

N/A