PSF-2011-1

Import Source

https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2011-1.json

Aliases

CVE-2011-1015

Published

2011-05-09T22:00:00Z

Modified

2023-11-08T03:56:58.725930Z

Summary

CGI directory traversal (is_cgi() function)

Details

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

References

https://bugs.python.org/issue2254

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

0The exact introduced commit is unknown

Fixed

923ba361d8f757f0656cfd216525aca4848e02aa

Affected versions

v0.*

v0.9.8

v0.9.9

v1.*

v1.0.1

v1.0.2

v1.1

v1.1.1

v1.2

v1.2b1

v1.2b2

v1.2b3

v1.2b4

v1.3

v1.3b1

v1.4

v1.4b1

v1.4b2

v1.4b3

v1.5

v1.5.1

v1.5.2

v1.5.2a1

v1.5.2a2

v1.5.2b1

v1.5.2b2

v1.5.2c1

v1.5a1

v1.5a2

v1.5a3

v1.5a4

v1.5b1

v1.5b2

v1.6a1

v1.6a2

v2.*

v2.0

v2.0b1

v2.0b2

v2.0c1

v2.1

v2.1a1

v2.1a2

v2.1b1

v2.1b2

v2.1c1

v2.1c2

v2.2a3

v2.3c1

v2.3c2

v2.4

v2.4a1

v2.4a2

v2.4a3

v2.4b1

v2.4b2

v2.4c1

v2.5a0

v2.5a1

v2.5a2

v2.5b1

v2.5b2

v2.5b3

v2.6

v2.6a1

v2.6a2

v2.6a3

v2.6b1

v2.6b2

v2.6b3

v2.6rc1

v2.6rc2