
1086 matches found

OSV
added 2024/09/05 8:33 p.m., 0 views

USN-6991-1 python-aiohttp vulnerability

It was discovered that AIOHTTP did not properly restrict file access when the 'followsymlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system...

CVSS 7.5, AI score 6.8, EPSS 0.93602
Exploits 15, References 2
Tenable Nessus
added 2024/09/05 12:00 a.m., 23 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : AIOHTTP vulnerability (USN-6991-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6991-1 advisory. It was discovered that AIOHTTP did not properly restrict file access when the 'followsymlinks' option was set to True. A remot...

CVSS 7.5, AI score 7.3, EPSS 0.93602
Exploits 15, References 2
OSV
added 2024/09/03 3:02 p.m., 18 views

SUSE-SU-2024:3110-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2024-42367: Fixed path traversal outside the root directory when requests involve compressed files as symbolic links bsc1229226...

CVSS 4.8, AI score 5.3, EPSS 0.0024
Exploits 0, References 3
RedHat Linux
added 2024/08/20 8:33 p.m., 4 views

aiohttp: XSS on index pages for static file handling

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using "web.static..., showindex=True", the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...

CVSS 6.1, AI score 5.6, EPSS 0.00709
Exploits 0, References 4
OSV
added 2024/08/20 12:00 a.m., 11 views

OPENSUSE-SU-2024:14280-1 python310-aiohttp-3.10.5-1.1 on GA media

These are all security issues fixed in the python310-aiohttp-3.10.5-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 4.8, AI score 5.4, EPSS 0.0024
Exploits 0, References 1
Redos
added 2024/08/20 12:00 a.m., 7 views

ROS-20240820-06

The aiohttp HTTP client vulnerability is related to flaws in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to perform an "HTTP request smuggling" attack...

AI score 7.2
Exploits 0
SUSE CVE
added 2024/08/17 1:47 a.m., 1 view

SUSE CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

CVSS 4.8, AI score 8.6, EPSS 0.0024
Exploits 0, References 4
RedhatCVE
added 2024/08/15 5:19 p.m., 13 views

CVE-2024-42367

A vulnerability was found in aiohttp. Static routes that contain files with compressed variants .gz or .br extension were vulnerable to path traversal outside the root directory if those variants were symbolic links. Servers with static routes that contain compressed variants as symbolic links,...

CVSS 4.8, AI score 5, EPSS 0.0024
Exploits 0, References 8
OpenVAS
added 2024/08/13 12:00 a.m., 14 views

aiohttp < 3.10.2 Path Traversal Vulnerability - Linux

aiohttp is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...

CVSS 4.8, AI score 6.7, EPSS 0.0024
Exploits 0, References 1
OpenVAS
added 2024/08/13 12:00 a.m., 13 views

aiohttp < 3.10.2 Path Traversal Vulnerability - Windows

aiohttp is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...

CVSS 4.8, AI score 6.7, EPSS 0.0024
Exploits 0, References 1
OSV
added 2024/08/12 1:38 p.m., 2 views

AZL-47754 CVE-2024-42367 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

CVSS 4.8, AI score 6.7, EPSS 0.0024
Exploits 0, References 1
OSV
added 2024/08/12 1:38 p.m., 2 views

DEBIAN-CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

CVSS 4.8, AI score 6.5, EPSS 0.0024
Exploits 0, References 1
OSV
added 2024/08/12 1:38 p.m., 1 view

AZL-47763 CVE-2024-42367 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

CVSS 4.8, AI score 6.7, EPSS 0.0024
Exploits 0, References 1
NVD
added 2024/08/12 1:38 p.m., 15 views

CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

CVSS 4.8, EPSS 0.0024
Exploits 0, References 5
Veracode
added 2024/08/12 5:17 a.m., 10 views

Path Traversal

aiohttp is vulnerable to Path Traversal. The vulnerability is due to improper handling of symbolic links in compressed file variants .gz or .br extensions, which can allow access outside the root directory when followsymlinks=False is set...

CVSS 4.8, AI score 6.7, EPSS 0.0024
Exploits 0, References 6, Affected Software 1
UbuntuCve
added 2024/08/12 12:00 a.m., 13 views

CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

CVSS 4.8, AI score 6.8, EPSS 0.0024
Exploits 0, References 4
CNNVD
added 2024/08/12 12:00 a.m., 5 views

aiohttp security vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. A security vulnerability exists in aiohttp versions prior to 3.10.2, which stems from the FileResponse class not performing path checking relative to the root directory when looking for...

CVSS 4.8, AI score 6.7, EPSS 0.0024
Exploits 0, References 5
OSV
added 2024/08/10 1:21 p.m., 3 views

MAL-2024-9937 Malicious code in aiohttp-libscss (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d5cb2d30b1084d16cbffd08a377d8723d794f112d1d33e666a4d4154653015e0 Imitate legit package, when used, sends out the URL of web application using the package --- Category: MALICIOUS - The campaign has clearly malicious intent,...

AI score 7
Exploits 0, References 1
OSSF Malicious Packages
added 2024/08/10 1:21 p.m., 4 views

Malicious code in aiohttp-libscss (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d5cb2d30b1084d16cbffd08a377d8723d794f112d1d33e666a4d4154653015e0 Imitate legit package, when used, sends out the URL of web application using the package --- Category: MALICIOUS - The campaign has clearly malicious intent,...

AI score 7.2
Exploits 0, References 1
OSV
added 2024/08/09 5:25 p.m., 12 views

CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

CVSS 4.8, AI score 6.7, EPSS 0.0024
Exploits 0, References 7