Lucene search

CVE-2024-23334

🗓️ 29 Jan 2024 23:08:15Reported by GoogleType

osv🔗 osv.dev👁 40 Views

aiohttp web server allows unauthorized access through follow_symlinks option

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 84
F5 Networks	K000139353 : aiohttp vulnerability CVE-2024-23334	19 Apr 202400:00	–	f5
OSV	UBUNTU-CVE-2024-23334	29 Jan 202423:15	–	osv
OSV	OPENSUSE-SU-2024:13642-1 python310-aiohttp-3.9.3-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	GHSA-5H86-8MV2-JQ9F aiohttp is vulnerable to directory traversal	29 Jan 202422:31	–	osv
OSV	CGA-X8W7-VX7P-R8VF	6 Jun 202412:26	–	osv
OSV	CGA-C9GX-2CQ5-2F2R	6 Jun 202412:25	–	osv
OSV	PYSEC-2024-24	29 Jan 202423:15	–	osv
OSV	USN-6991-1 python-aiohttp vulnerability	5 Sep 202420:33	–	osv
OSV	MGASA-2024-0388 Updated python-aiohttp packages fix security vulnerabilities	4 Dec 202416:58	–	osv
OSV	SUSE-SU-2024:0577-1 Security update for python-aiohttp, python-time-machine	21 Feb 202410:43	–	osv

Source	Link
github	www.github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
github	www.github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b
github	www.github.com/aio-libs/aiohttp/pull/8079
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-23334

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Jan 2024 23:15Current

5.7Medium risk

Vulners AI Score5.7

CVSS35.9 - 7.5

EPSS0.93519