According to:
https://docs.python.org/3/library/http.server.html
Warning http.server is not recommended for production. It only implements basic security checks.
It doesn't state what security vulnerabilities the server is exposed to. I'm a sysadmin and have a dev team that wants to push this to production (My understanding is that they are using that while extending http.server.SimpleHTTPRequestHandler) and a CIO that is giving them the green light. I have no idea what risks there are involved because the documentation doesn't elaborate on details. Can somebody enlighten me as to what security vulnerabilities this product has?