Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
python2.7 to version 2.7.12-2 or higher.