This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author hamzaavvan
Recipients hamzaavvan, paul.moore, steve.dower, tim.golden, zach.ware
Date 2021-02-14.11:42:36
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The provided version of python distros 3.8.7 and 3.7.4 are vulnerable to open redirection while traversing to an existing directory.


In this case, the actual path of .ssh was:

Upon visiting the payload URI the python server will respond back with a Location header instead of serving the directory contents directly which triggers the redirection to

Server: SimpleHTTP/0.6 Python/3.8.7
Date User Action Args
2021-02-14 11:42:36hamzaavvansetrecipients: + hamzaavvan, paul.moore, tim.golden, zach.ware, steve.dower
2021-02-14 11:42:36hamzaavvansetmessageid: <>
2021-02-14 11:42:36hamzaavvanlinkissue43223 messages
2021-02-14 11:42:36hamzaavvancreate