CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-42367
The CVE-2024-42367 issue affects aiohttp (Python) on the 3.10 branch prior to 3.10.2. It describes a path traversal vulnerability in static routes that serve files with compressed variants (.gz, .br) when those variants are symbolic links. The root cause is that, although the server normally prot...
CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
In aiohttp, compressed files as symlinks are not protected from path traversal
Summary: Static routes which contain files with compressed variants .gz or .br extension were vulnerable to path traversal outside the root directory if those variants are symbolic links. Details: The server protects static routes from path traversal outside the root directory when...
GHSA-JWHX-XCG6-8XHJ In aiohttp, compressed files as symlinks are not protected from path traversal
Summary: Static routes which contain files with compressed variants .gz or .br extension were vulnerable to path traversal outside the root directory if those variants are symbolic links. Details: The server protects static routes from path traversal outside the root directory when...
acapy-agent (>=1.1.0 <=1.1.0rc1), acapy-agent-jamie-testing (=1.0.1) +256 more potentially affected by CVE-2024-42367 via aiohttp (>=3.10.0rc0 <=3.10.11)
aiohttp PYPI version =3.10.0rc0, =1.1.0, =0.0.7.1, =4.8.2, =1.0.1, =0.61.0, =0.60.2, =0.2.1, =0.9.0, =0.0.1, =3.11.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-42367 Source advisory: OSV:GHSA-JWHX-XCG6-8XHJ...
PT-2024-29901 · Aiohttp +3
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.10.2 Description: The issue is related to path traversal outside the root directory in static routes containing files with compressed variants .gz or .br extension when these variants are symbolic links. The server...
GLSA-202408-11 : aiohttp: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202408-11 (aiohttp: Multiple Vulnerabilities). Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
aiohttp: Multiple Vulnerabilities
Background: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Description: Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details...
Mageia: Security Advisory (MGASA-2024-0235)
The remote host is missing an update for the...
MGASA-2024-0235 Updated python-aiohttp packages fix security vulnerability
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following th...
Updated python-aiohttp packages fix security vulnerability
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following th...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 Exploit and PoC This repository contains a Pro...
OPENSUSE-SU-2024:13642-1 python310-aiohttp-3.9.3-1.1 on GA media
These are all security issues fixed in the python310-aiohttp-3.9.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13691-1 python310-aiohttp-3.9.3-2.1 on GA media
These are all security issues fixed in the python310-aiohttp-3.9.3-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13965-1 python310-aiohttp-3.9.5-2.1 on GA media
These are all security issues fixed in the python310-aiohttp-3.9.5-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13465-1 python310-aiohttp-3.9.0-1.1 on GA media
These are all security issues fixed in the python310-aiohttp-3.9.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13209-1 python310-aiohttp-3.8.5-2.1 on GA media
These are all security issues fixed in the python310-aiohttp-3.8.5-2.1 package on the GA media of openSUSE Tumbleweed...
aiohttp: XSS on index pages for static file handling
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using "web.static(..., show_index=True)", the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...