Description
** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Domain Redirect SQL Injection (1.0)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5489)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-4319)
PHP Other Vulnerability (CVE-2007-1521)
Oracle Application Server CVE-2006-0273 Vulnerability (CVE-2006-0273)