mirror of
https://github.com/python/cpython.git
synced 2026-05-09 14:11:28 -04:00
Miss Islington (bot)
5715382d3a
Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target. Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).
Test and comments authored by Gregory P. Smith [Google].
(cherry picked from commit 4abab6b603)
Co-authored-by: Gregory P. Smith <greg@krypto.org>