Vulnerability details: VCID-69wz-uwzh-aaam
Vulnerability ID VCID-69wz-uwzh-aaam
Aliases CVE-2021-28861
Summary Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure.
Status Disputed
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
System Score Found at
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28861.json
epss 0.00215 https://api.first.org/data/v1/epss?cve=CVE-2021-28861
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2021-28861
epss 0.00468 https://api.first.org/data/v1/epss?cve=CVE-2021-28861
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2021-28861
epss 0.02116 https://api.first.org/data/v1/epss?cve=CVE-2021-28861
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2120642
cvssv3.1 7.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-28861
cvssv3.1 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-28861
cvssv3.1 9.8 https://security.gentoo.org/glsa/202305-02
generic_textual CRITICAL https://security.gentoo.org/glsa/202305-02
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28861.json
https://api.first.org/data/v1/epss?cve=CVE-2021-28861
https://bugs.python.org/issue43223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/python/cpython/pull/24848
https://github.com/python/cpython/pull/93879
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/
https://security.gentoo.org/glsa/202305-02
2120642 https://bugzilla.redhat.com/show_bug.cgi?id=2120642
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*
cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*
cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*
cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2021-28861 https://nvd.nist.gov/vuln/detail/CVE-2021-28861
RHSA-2022:6766 https://access.redhat.com/errata/RHSA-2022:6766
RHSA-2022:8353 https://access.redhat.com/errata/RHSA-2022:8353
RHSA-2023:0833 https://access.redhat.com/errata/RHSA-2023:0833
RHSA-2023:2763 https://access.redhat.com/errata/RHSA-2023:2763
RHSA-2023:2764 https://access.redhat.com/errata/RHSA-2023:2764
USN-5629-1 https://usn.ubuntu.com/5629-1/
USN-5888-1 https://usn.ubuntu.com/5888-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28861.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): high; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): high; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-28861
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): high; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202305-02
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Exploit Prediction Scoring System (EPSS)
Percentile 0.59908
EPSS Score 0.00215
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2025-04-19T00:45:40.500509+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2021-28861 36.0.0