CVE-2021-28861
ADVISORY - nistSummary
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py because there is no protection against multiple slashes (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
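Why the leading slashes matter, as an added example (not CPython's code and not part of the advisory): a Location value that begins with // is a network-path reference under RFC 3986, so the client resolves its first segment as a host name. The sketch assumes a simplified "append a trailing slash" redirect; the function names and the .example host names are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit


def collapse_leading_slashes(path: str) -> str:
    """Reduce any run of leading '/' to a single '/', leaving the rest untouched."""
    if path.startswith("//"):
        return "/" + path.lstrip("/")
    return path


def directory_redirect(path: str, harden: bool) -> str:
    """Simplified model (assumption) of a server that redirects a directory
    request without a trailing slash to the same path plus '/'."""
    if harden:
        path = collapse_leading_slashes(path)
    return path if path.endswith("/") else path + "/"


def is_same_origin_redirect(base_url: str, location: str) -> bool:
    """True if a client resolving `location` against `base_url` keeps the
    same scheme and host:port, i.e. the redirect does not leave the site."""
    base = urlsplit(base_url)
    target = urlsplit(urljoin(base_url, location))
    return (target.scheme, target.netloc) == (base.scheme, base.netloc)


if __name__ == "__main__":
    # Constructed sample values; not taken from the advisory.
    base = "http://files.internal.example:8000/"
    for request_path in ("/docs", "//other.example/docs", "///other.example/docs"):
        for harden in (False, True):
            location = directory_redirect(request_path, harden)
            verdict = "same origin" if is_same_origin_redirect(base, location) else "OFF-SITE"
            print(f"{request_path!r:28} harden={harden!s:5} -> {location!r:28} {verdict}")
```

The same `is_same_origin_redirect` check can be run in a test suite against every Location header an application emits, independent of which server produced it.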
EPSS Score: 0.01395 (0.804)
Common Weakness Enumeration (CWE)
ADVISORY - nist
URL Redirection to Untrusted Site ('Open Redirect')
ADVISORY - redhat
URL Redirection to Untrusted Site ('Open Redirect')