AZL-10618

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10618.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-10618

Upstream

CVE-2021-28861

Published

2022-08-23T01:15:07Z

Modified

2026-04-01T05:06:15.328865Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVSS Calculator

Summary

CVE-2021-28861 affecting package python3 for versions less than 3.9.19-1

Details

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

References

https://nvd.nist.gov/vuln/detail/CVE-2021-28861

Affected packages

Azure Linux:2 / python3

Package

Name: python3
Purl: pkg:rpm/azure-linux/python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.19-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10618.json"