Open
Description
If you try to run simple_http on port 8080 and visit "127.0.0.1:8080/fap=432%424" it's going to crash. This is due to the overridden log_message which thinks the "%424" needs to turn into arguments in the "message % args" part of the log.
The solution can be to .replace("%", "%%") in log_request(), thus escaping the formatting.
(While I'm not versed in Python attacks, in C/C++ this would be a real vulnerability)