OESA-2024-2254 python-aiohttp security update

🗓️ 18 Oct 2024 11:09:22Reported by GoogleType

osv🔗 osv.dev👁 1 Views

Aiohttp security fix addresses path traversal with compressed static files on symlinks; patch in 3.10.2.

Reporter	Title	Published	Views	Family All 49
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - AI Broker component usesaiohttp-3.9.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367	9 Sep 202408:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	29 Aug 202516:12	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0	15 Apr 202503:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aiohttp	26 Feb 202518:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367	9 Sep 202408:21	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	9 Oct 202409:25	–	ibm
BDU FSTEC	The vulnerability of the aiohttp HTTP client, related to issues with symbolic links when processing static routes that contain files with compressed variants in the FileResponse class, allows a hacker to compromise the vulnerable system.	27 Mar 202500:00	–	bdu_fstec
Chainguard	CVE-2024-42367 vulnerabilities	12 Aug 202413:38	–	cgr
CNNVD	aiohttp 安全漏洞	12 Aug 202400:00	–	cnnvd
CVE	CVE-2024-42367	9 Aug 202417:25	–	cve