Issue #26657: HTTP directory traversal

Fix directory traversal vulnerability with http.server and SimpleHTTPServer on Windows.

Regression of Python 3.3.5.

Python issue reported on 2016-03-14.

  • Disclosure date: 2016-03-28 (Python issue #26657 reported)

Fixed In

Vulnerable Versions

  • Python 3.3

Python issue

Directory traversal with http.server and SimpleHTTPServer on Windows.

  • Python issue: issue #26657
  • Creation date: 2016-03-28
  • Reporter: Thomas

Timeline

Timeline using the disclosure date 2016-03-28 as reference:

  • 2016-03-28: Python issue #26657 reported by Thomas
  • 2016-04-18 (+21 days): commit 0cf2cf2
  • 2016-04-18 (+21 days): commit d274b3f
  • 2016-06-27 (+91 days): Python 3.5.2 released
  • 2016-06-28 (+92 days): Python 2.7.12 released
  • 2016-12-23: Python 3.6.0 released
  • 2017-07-12 (+471 days): commit 6f6bc1d
  • 2017-08-09 (+499 days): Python 3.4.7 released