René's URL Explorer Experiment

Title: gh-87389: Fix an open redirection vulnerability in http.server. by gpshead · Pull Request #93879 · python/cpython · GitHub

Open Graph Title: gh-87389: Fix an open redirection vulnerability in http.server. by gpshead · Pull Request #93879 · python/cpython

X Title: gh-87389: Fix an open redirection vulnerability in http.server. by gpshead · Pull Request #93879 · python/cpython

Description: The Python programming language. Contribute to python/cpython development by creating an account on GitHub.

Open Graph Description: Fix an open redirection vulnerability in the http.server module when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan (@hamzaavvan). Test authored and...

X Description: Fix an open redirection vulnerability in the http.server module when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan (@hamzaavvan). Test authored and...

Opengraph URL: https://github.com/python/cpython/pull/93879

X: @github

direct link

Domain: github.com

route-pattern	/:user_id/:repository/pull/:id/commits(.:format)
route-controller	pull_requests
route-action	commits
fetch-nonce	v2:3e77d210-b2d9-e8d8-6c55-910d023cef08
current-catalog-service-hash	ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-id	B9FA:2DA0A8:7F5FAF:AB4722:6969BB40
html-safe-nonce	1af8a4da95250e54f493bbda2a4327fe9e741e759da836606fa895d560f1c412
visitor-payload	eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCOUZBOjJEQTBBODo3RjVGQUY6QUI0NzIyOjY5NjlCQjQwIiwidmlzaXRvcl9pZCI6IjQ5Nzc5ODk4ODIzNTc1OTQ5NDUiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==
visitor-hmac	08a682fa34b49c350844f060cbff6a5e018941a2927649bfe8ae293854a4f194
hovercard-subject-tag	pull_request:968578409
github-keyboard-shortcuts	repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verification	Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-url	https://collector.github.com/github/collect
analytics-location	///pull_requests/show/commits
fb:app_id	1401488693436528
apple-itunes-app	app-id=1477376905, app-argument=https://github.com/python/cpython/pull/93879/commits
twitter:image	https://opengraph.githubassets.com/07c6027322e685195eaa3d54f3eee0f7178701b9ecf38c06f6b9a7ecb255c2e4/python/cpython/pull/93879
twitter:card	summary_large_image
og:image	https://opengraph.githubassets.com/07c6027322e685195eaa3d54f3eee0f7178701b9ecf38c06f6b9a7ecb255c2e4/python/cpython/pull/93879
og:image:alt	Fix an open redirection vulnerability in the http.server module when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan (@hamzaavvan). Test authored and...
og:image:width	1200
og:image:height	600
og:site_name	GitHub
og:type	object
og:author:username	gpshead
hostname	github.com
expected-hostname	github.com
None	acedec8b5f975d9e3d494ddd8f949b0b8a0de59d393901e26f73df9dcba80056
turbo-cache-control	no-cache
go-import	github.com/python/cpython git https://github.com/python/cpython.git
octolytics-dimension-user_id	1525981
octolytics-dimension-user_login	python
octolytics-dimension-repository_id	81598961
octolytics-dimension-repository_nwo	python/cpython
octolytics-dimension-repository_public	true
octolytics-dimension-repository_is_fork	false
octolytics-dimension-repository_network_root_id	81598961
octolytics-dimension-repository_network_root_nwo	python/cpython
turbo-body-classes	logged-out env-production page-responsive
disable-turbo	false
browser-stats-url	https://api.github.com/_private/browser/stats
browser-errors-url	https://api.github.com/_private/browser/errors
release	83c08c21cdda978090dc44364b71aa5bc6dcea79
ui-target	full
theme-color	#1e2327
color-scheme	light dark

Links:

Skip to content	https://github.com/python/cpython/pull/93879/commits#start-of-content
	https://github.com/
Sign in	https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fpull%2F93879%2Fcommits
GitHub CopilotWrite better code with AI	https://github.com/features/copilot
GitHub SparkBuild and deploy intelligent apps	https://github.com/features/spark
GitHub ModelsManage and compare prompts	https://github.com/features/models
MCP RegistryNewIntegrate external tools	https://github.com/mcp
ActionsAutomate any workflow	https://github.com/features/actions
CodespacesInstant dev environments	https://github.com/features/codespaces
IssuesPlan and track work	https://github.com/features/issues
Code ReviewManage code changes	https://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilities	https://github.com/security/advanced-security
Code securitySecure your code as you build	https://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they start	https://github.com/security/advanced-security/secret-protection
Why GitHub	https://github.com/why-github
Documentation	https://docs.github.com
Blog	https://github.blog
Changelog	https://github.blog/changelog
Marketplace	https://github.com/marketplace
View all features	https://github.com/features
Enterprises	https://github.com/enterprise
Small and medium teams	https://github.com/team
Startups	https://github.com/enterprise/startups
Nonprofits	https://github.com/solutions/industry/nonprofits
App Modernization	https://github.com/solutions/use-case/app-modernization
DevSecOps	https://github.com/solutions/use-case/devsecops
DevOps	https://github.com/solutions/use-case/devops
CI/CD	https://github.com/solutions/use-case/ci-cd
View all use cases	https://github.com/solutions/use-case
Healthcare	https://github.com/solutions/industry/healthcare
Financial services	https://github.com/solutions/industry/financial-services
Manufacturing	https://github.com/solutions/industry/manufacturing
Government	https://github.com/solutions/industry/government
View all industries	https://github.com/solutions/industry
View all solutions	https://github.com/solutions
AI	https://github.com/resources/articles?topic=ai
Software Development	https://github.com/resources/articles?topic=software-development
DevOps	https://github.com/resources/articles?topic=devops
Security	https://github.com/resources/articles?topic=security
View all topics	https://github.com/resources/articles
Customer stories	https://github.com/customer-stories
Events & webinars	https://github.com/resources/events
Ebooks & reports	https://github.com/resources/whitepapers
Business insights	https://github.com/solutions/executive-insights
GitHub Skills	https://skills.github.com
Documentation	https://docs.github.com
Customer support	https://support.github.com
Community forum	https://github.com/orgs/community/discussions
Trust center	https://github.com/trust-center
Partners	https://github.com/partners
GitHub SponsorsFund open source developers	https://github.com/sponsors
Security Lab	https://securitylab.github.com
Maintainer Community	https://maintainers.github.com
Accelerator	https://github.com/accelerator
Archive Program	https://archiveprogram.github.com
Topics	https://github.com/topics
Trending	https://github.com/trending
Collections	https://github.com/collections
Enterprise platformAI-powered developer platform	https://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security features	https://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI features	https://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 support	https://github.com/premium-support
Pricing	https://github.com/pricing
Search syntax tips	https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentation	https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in	https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fpull%2F93879%2Fcommits
Sign up	https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow%2Fcommits&source=header-repo&source_repo=python%2Fcpython
Reload	https://github.com/python/cpython/pull/93879/commits
Reload	https://github.com/python/cpython/pull/93879/commits
Reload	https://github.com/python/cpython/pull/93879/commits
python	https://github.com/python
cpython	https://github.com/python/cpython
Please reload this page	https://github.com/python/cpython/pull/93879/commits
Notifications	https://github.com/login?return_to=%2Fpython%2Fcpython
Fork 33.9k	https://github.com/login?return_to=%2Fpython%2Fcpython
Star 71.1k	https://github.com/login?return_to=%2Fpython%2Fcpython
Code	https://github.com/python/cpython
Issues 5k+	https://github.com/python/cpython/issues
Pull requests 2.1k	https://github.com/python/cpython/pulls
Actions	https://github.com/python/cpython/actions
Projects 31	https://github.com/python/cpython/projects
Security Uh oh! There was an error while loading. Please reload this page.	https://github.com/python/cpython/security
Please reload this page	https://github.com/python/cpython/pull/93879/commits
Insights	https://github.com/python/cpython/pulse
Code	https://github.com/python/cpython
Issues	https://github.com/python/cpython/issues
Pull requests	https://github.com/python/cpython/pulls
Actions	https://github.com/python/cpython/actions
Projects	https://github.com/python/cpython/projects
Security	https://github.com/python/cpython/security
Insights	https://github.com/python/cpython/pulse
gpshead	https://github.com/gpshead
python:main	https://github.com/python/cpython/tree/main
gpshead:security-gh87389	https://github.com/gpshead/cpython/tree/security-gh87389
Conversation	https://github.com/python/cpython/pull/93879
Commits7 (7)	https://github.com/python/cpython/pull/93879/commits
Checks	https://github.com/python/cpython/pull/93879/checks
Files changed	https://github.com/python/cpython/pull/93879/files
gh-87389: Fix an open redirection vulnerability in http.server.	https://github.com/python/cpython/pull/93879/commits#top
gpshead	https://github.com/gpshead
python:main	https://github.com/python/cpython/tree/main
gpshead:security-gh87389	https://github.com/gpshead/cpython/tree/security-gh87389
gh-87389: Fix an open redirection vulnerability in http.server.	https://github.com/python/cpython/pull/93879/commits/2f09fe26b94ede913b151cb1bb3bcef543e113a2
	https://github.com/gpshead
gpshead	https://github.com/python/cpython/commits?author=gpshead
2f09fe2	https://github.com/python/cpython/pull/93879/commits/2f09fe26b94ede913b151cb1bb3bcef543e113a2
	https://github.com/python/cpython/tree/2f09fe26b94ede913b151cb1bb3bcef543e113a2
A more defensive assert within the test.	https://github.com/python/cpython/pull/93879/commits/3b38f5299c311745e2a5768989f7ab67b5d50a25
	https://github.com/gpshead
gpshead	https://github.com/python/cpython/commits?author=gpshead
3b38f52	https://github.com/python/cpython/pull/93879/commits/3b38f5299c311745e2a5768989f7ab67b5d50a25
	https://github.com/python/cpython/tree/3b38f5299c311745e2a5768989f7ab67b5d50a25
Fix wording in some comments.	https://github.com/python/cpython/pull/93879/commits/19a5bf685c7a208e76720bc3826b3ebb68daaf21
	https://github.com/gpshead
gpshead	https://github.com/python/cpython/commits?author=gpshead
19a5bf6	https://github.com/python/cpython/pull/93879/commits/19a5bf685c7a208e76720bc3826b3ebb68daaf21
	https://github.com/python/cpython/tree/19a5bf685c7a208e76720bc3826b3ebb68daaf21
Add an explanatory comment in the test.	https://github.com/python/cpython/pull/93879/commits/e16d38d15e64ec76510c74e7a3a8e1c1dc6eb72a
	https://github.com/gpshead
gpshead	https://github.com/python/cpython/commits?author=gpshead
e16d38d	https://github.com/python/cpython/pull/93879/commits/e16d38d15e64ec76510c74e7a3a8e1c1dc6eb72a
	https://github.com/python/cpython/tree/e16d38d15e64ec76510c74e7a3a8e1c1dc6eb72a
Address vstinner comments on the test.	https://github.com/python/cpython/pull/93879/commits/25a3a1c4188fb8f50bb7dd07c9ccdb7c9c8a654f
	https://github.com/gpshead
gpshead	https://github.com/python/cpython/commits?author=gpshead
25a3a1c	https://github.com/python/cpython/pull/93879/commits/25a3a1c4188fb8f50bb7dd07c9ccdb7c9c8a654f
	https://github.com/python/cpython/tree/25a3a1c4188fb8f50bb7dd07c9ccdb7c9c8a654f
Add a test for absolute Request-URI and fixup to allow it.	https://github.com/python/cpython/pull/93879/commits/7c9464a2ef986352273f305f36c25f99dbb09622
	https://github.com/gpshead
gpshead	https://github.com/python/cpython/commits?author=gpshead
7c9464a	https://github.com/python/cpython/pull/93879/commits/7c9464a2ef986352273f305f36c25f99dbb09622
	https://github.com/python/cpython/tree/7c9464a2ef986352273f305f36c25f99dbb09622
Further improve test cases.	https://github.com/python/cpython/pull/93879/commits/8563d4a74d7ee0abca7dc3910c9a2dac4e08ce65
	https://github.com/gpshead
gpshead	https://github.com/python/cpython/commits?author=gpshead
8563d4a	https://github.com/python/cpython/pull/93879/commits/8563d4a74d7ee0abca7dc3910c9a2dac4e08ce65
	https://github.com/python/cpython/tree/8563d4a74d7ee0abca7dc3910c9a2dac4e08ce65
	https://github.com
Terms	https://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacy	https://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Security	https://github.com/security
Status	https://www.githubstatus.com/
Community	https://github.community/
Docs	https://docs.github.com/
Contact	https://support.github.com?tags=dotcom-footer

Viewport: width=device-width

URLs of crawlers that visited me.