REDHAT-BUG-2120642
First published: Tue Aug 23 2022(Updated: )
An open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. References: <a href="https://bugs.python.org/issue43223">https://bugs.python.org/issue43223</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Python Babel Localedata |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.python.org/issue43223
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2120645
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2120644
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2120787
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2120788
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2120789
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2120785
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2120784
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2120783
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2120786
- https://github.com/python/cpython/pull/93879
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2121034
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2121035
- https://access.redhat.com/errata/RHSA-2022:6766
- https://access.redhat.com/errata/RHSA-2022:8353
- https://access.redhat.com/errata/RHSA-2023:0833
- https://access.redhat.com/errata/RHSA-2023:2763
- https://access.redhat.com/errata/RHSA-2023:2764
- https://access.redhat.com/security/cve/cve-2021-28861
- https://bugzilla.redhat.com/show_bug.cgi?id=2120642
Frequently Asked Questions
What is the severity of REDHAT-BUG-2120642?
The severity of REDHAT-BUG-2120642 is classified as a moderate risk due to potential information disclosure.
How do I fix REDHAT-BUG-2120642?
To fix REDHAT-BUG-2120642, ensure to implement strict validation of URI paths in your application.
What causes REDHAT-BUG-2120642?
REDHAT-BUG-2120642 is caused by a lack of protection against multiple slashes at the beginning of the URI path.
Which versions of Python are affected by REDHAT-BUG-2120642?
All versions of Python that utilize the lib/http/server.py module are potentially affected by REDHAT-BUG-2120642.
Is there a workaround for REDHAT-BUG-2120642 while waiting for a fix?
A possible workaround for REDHAT-BUG-2120642 is to sanitize the input URI by removing leading slashes before processing.
- agent/references
- agent/type
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-28861
- agent/first-publish-date
- agent/source
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/python
- canonical/python babel localedata