vulnerability

SUSE: CVE-2021-28861: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:C/I:N/A:N)	Aug 23, 2022	Oct 26, 2022	Jan 28, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:N/A:N)

Published

Aug 23, 2022

Added

Oct 26, 2022

Modified

Jan 28, 2025

Description

** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Solutions

suse-upgrade-libpython2_7-1_0suse-upgrade-libpython2_7-1_0-32bitsuse-upgrade-libpython3_10-1_0suse-upgrade-libpython3_10-1_0-32bitsuse-upgrade-libpython3_4m1_0suse-upgrade-libpython3_4m1_0-32bitsuse-upgrade-libpython3_6m1_0suse-upgrade-libpython3_6m1_0-32bitsuse-upgrade-libpython3_9-1_0suse-upgrade-libpython3_9-1_0-32bitsuse-upgrade-pythonsuse-upgrade-python-32bitsuse-upgrade-python-basesuse-upgrade-python-base-32bitsuse-upgrade-python-cursessuse-upgrade-python-demosuse-upgrade-python-develsuse-upgrade-python-docsuse-upgrade-python-doc-pdfsuse-upgrade-python-gdbmsuse-upgrade-python-idlesuse-upgrade-python-tksuse-upgrade-python-xmlsuse-upgrade-python3suse-upgrade-python3-basesuse-upgrade-python3-cursessuse-upgrade-python3-dbmsuse-upgrade-python3-develsuse-upgrade-python3-docsuse-upgrade-python3-doc-devhelpsuse-upgrade-python3-idlesuse-upgrade-python3-testsuitesuse-upgrade-python3-tksuse-upgrade-python3-toolssuse-upgrade-python310suse-upgrade-python310-32bitsuse-upgrade-python310-basesuse-upgrade-python310-base-32bitsuse-upgrade-python310-cursessuse-upgrade-python310-dbmsuse-upgrade-python310-develsuse-upgrade-python310-docsuse-upgrade-python310-doc-devhelpsuse-upgrade-python310-idlesuse-upgrade-python310-testsuitesuse-upgrade-python310-tksuse-upgrade-python310-toolssuse-upgrade-python36suse-upgrade-python36-basesuse-upgrade-python36-develsuse-upgrade-python39suse-upgrade-python39-32bitsuse-upgrade-python39-basesuse-upgrade-python39-base-32bitsuse-upgrade-python39-cursessuse-upgrade-python39-dbmsuse-upgrade-python39-develsuse-upgrade-python39-docsuse-upgrade-python39-doc-devhelpsuse-upgrade-python39-idlesuse-upgrade-python39-testsuitesuse-upgrade-python39-tksuse-upgrade-python39-tools

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today