[pkg-uWSGI-devel] Bug#995368: libapache2-mod-proxy-uwsgi - CVE-2021-36160 regression, altered PATH_INFO

Sylvain Beucler beuc at beuc.net
Tue Oct 5 17:41:37 BST 2021

tags 995368 + upstream
forwarded 995368 https://bz.apache.org/bugzilla/show_bug.cgi?id=65616

Note: there doesn't seem to be actual path duplication at the UWSGI 
level, AFAICS Django just gets confused by the additional '/' at the 
start of PATH_INFO and incorrectly duplicates the path in the debug 
error page.

More information about the pkg-uWSGI-devel mailing list