cpython

mirror of https://github.com/python/cpython.git synced 2026-05-17 18:08:50 -04:00

Files

T

Miss Islington (bot) e2e8847bf5 gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879)

Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target.  Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).

Test and comments authored by Gregory P. Smith [Google].
(cherry picked from commit 4abab6b603)

Co-authored-by: Gregory P. Smith <greg@krypto.org>

2022-06-21 14:29:03 -07:00

__init__.py

gh-91996: Add an HTTPMethod StrEnum to http (GH-91997)

2022-05-05 15:39:02 -07:00

client.py

bpo-28953: Use raise from when raising new IncompleteRead (GH-29861)

2021-12-06 16:10:49 -08:00

cookiejar.py

[3.11] gh-79096: Protect cookie file created by {LWP,Mozilla}CookieJar.save() (GH-93463) (GH-93636)

2022-06-09 16:16:37 +02:00

cookies.py

bpo-39481: PEP 585 for a variety of modules (GH-19423)

2020-04-10 07:46:36 -07:00

server.py

gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879)

2022-06-21 14:29:03 -07:00