Issue #26657: HTTP server directory traversal


This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This database can be viewed online at the Open Source Vulnerability Database.

Fix directory traversal vulnerability with http.server and SimpleHTTPServer on Windows.

Regression of Python 3.3.5.

Python issue reported at 2016-03-14.


  • Disclosure date: 2016-03-28 (Python issue bpo-26657 reported)

Fixed In

Python issue

Directory traversal with http.server and SimpleHTTPServer on windows.

  • Python issue: bpo-26657
  • Creation date: 2016-03-28
  • Reporter: Thomas


Timeline using the disclosure date 2016-03-28 as reference: