1147 matches found
AZL-47754 CVE-2024-42367 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
DEBIAN-CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
AZL-47763 CVE-2024-42367 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
Path Traversal
aiohttp is vulnerable to Path Traversal. The vulnerability is due to improper handling of symbolic links in compressed file variants with .gz or .br extensions, which can allow access outside the root directory when follow_symlinks=False is set...
CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
aiohttp security vulnerability
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. A security vulnerability exists in aiohttp versions prior to 3.10.2, which stems from the FileResponse class not performing path checking relative to the root directory when looking for...
Malicious code in aiohttp-libscss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d5cb2d30b1084d16cbffd08a377d8723d794f112d1d33e666a4d4154653015e0 Imitate legit package, when used, sends out the URL of web application using the package --- Category: MALICIOUS - The campaign has clearly malicious intent,...
MAL-2024-9937 Malicious code in aiohttp-libscss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d5cb2d30b1084d16cbffd08a377d8723d794f112d1d33e666a4d4154653015e0 Imitate legit package, when used, sends out the URL of web application using the package --- Category: MALICIOUS - The campaign has clearly malicious intent,...
CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-42367
The CVE-2024-42367 issue affects aiohttp (Python) on the 3.10 branch prior to 3.10.2. It describes a path traversal vulnerability in static routes that serve files with compressed variants (.gz, .br) when those variants are symbolic links. The root cause is that, although the server normally prot...
CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
acapy-agent (>=1.1.0 <=1.1.0rc1), acapy-agent-jamie-testing (=1.0.1) +249 more potentially affected by CVE-2024-42367 via aiohttp (>=3.10.0rc0 <=3.10.11)
aiohttp PYPI version =3.10.0rc0, =1.1.0, =0.0.7.1, =4.8.2, =1.0.1, =0.61.0, =0.60.2, =0.2.1, =0.9.0, =0.0.1, =3.11.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-42367 Source advisory: OSV:GHSA-JWHX-XCG6-8XHJ...
GHSA-JWHX-XCG6-8XHJ In aiohttp, compressed files as symlinks are not protected from path traversal
Summary Static routes which contain files with compressed variants .gz or .br extension were vulnerable to path traversal outside the root directory if those variants are symbolic links. Details The server protects static routes from path traversal outside the root directory when...
In aiohttp, compressed files as symlinks are not protected from path traversal
Summary Static routes which contain files with compressed variants .gz or .br extension were vulnerable to path traversal outside the root directory if those variants are symbolic links. Details The server protects static routes from path traversal outside the root directory when...
PT-2024-29901 · Aiohttp +3
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.10.2 Description: The issue is related to path traversal outside the root directory in static routes containing files with compressed variants .gz or .br extension when these variants are symbolic links. The server...
aiohttp: Multiple Vulnerabilities
Background aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Description Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
GLSA-202408-11 : aiohttp: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202408-11 aiohttp: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...