1128 matches found
aiohttp < 3.10.2 Path Traversal Vulnerability - Windows
aiohttp is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...
AZL-47754 CVE-2024-42367 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
DEBIAN-CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
AZL-47763 CVE-2024-42367 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
Path Traversal
aiohttp is vulnerable to Path Traversal. The vulnerability is due to improper handling of symbolic links in compressed file variants .gz or .br extensions, which can allow access outside the root directory when followsymlinks=False is set...
CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
aiohttp 安全漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. A security vulnerability exists in aiohttp versions prior to 3.10.2, which stems from the FileResponse class not performing path checking relative to the root directory when looking for...
MAL-2024-9937 Malicious code in aiohttp-libscss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d5cb2d30b1084d16cbffd08a377d8723d794f112d1d33e666a4d4154653015e0 Imitate legit package, when used, sends out the URL of web application using the package --- Category: MALICIOUS - The campaign has clearly malicious intent,...
Malicious code in aiohttp-libscss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d5cb2d30b1084d16cbffd08a377d8723d794f112d1d33e666a4d4154653015e0 Imitate legit package, when used, sends out the URL of web application using the package --- Category: MALICIOUS - The campaign has clearly malicious intent,...
CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-42367
The CVE-2024-42367 issue affects aiohttp (Python) on the 3.10 branch prior to 3.10.2. It describes a path traversal vulnerability in static routes that serve files with compressed variants (.gz, .br) when those variants are symbolic links. The root cause is that, although the server normally prot...
CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
In aiohttp, compressed files as symlinks are not protected from path traversal
Summary Static routes which contain files with compressed variants .gz or .br extension were vulnerable to path traversal outside the root directory if those variants are symbolic links. Details The server protects static routes from path traversal outside the root directory when...
GHSA-JWHX-XCG6-8XHJ In aiohttp, compressed files as symlinks are not protected from path traversal
Summary Static routes which contain files with compressed variants .gz or .br extension were vulnerable to path traversal outside the root directory if those variants are symbolic links. Details The server protects static routes from path traversal outside the root directory when...
acapy-agent (>=1.1.0 <=1.1.0rc1), acapy-agent-jamie-testing (=1.0.1) +249 more potentially affected by CVE-2024-42367 via aiohttp (>=3.10.0rc0 <=3.10.11)
aiohttp PYPI version =3.10.0rc0, =1.1.0, =0.0.7.1, =4.8.2, =1.0.1, =0.61.0, =0.60.2, =0.2.1, =0.9.0, =0.0.1, =3.11.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-42367 Source advisory: OSV:GHSA-JWHX-XCG6-8XHJ...
PT-2024-29901 · Aiohttp +3 · Aiohttp +3
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.10.2 Description: The issue is related to path traversal outside the root directory in static routes containing files with compressed variants .gz or .br extension when these variants are symbolic links. The server...
aiohttp: Multiple Vulnerabilities
Background aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Description Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...