Description
** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
Remediation
References
Related Vulnerabilities
Internet Information Services Improper Input Validation Vulnerability (CVE-1999-0867)
Internet Information Services Other Vulnerability (CVE-1999-1233)
Moodle Improper Input Validation Vulnerability (CVE-2021-3943)
MySQL CVE-2020-14575 Vulnerability (CVE-2020-14575)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4789)