
7 matches found

SUSE CVE
added 2024/08/17 1:47 a.m. | 1 view

SUSE CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

4.8 CVSS | 8.6 AI score | 0.0024 EPSS
Exploits 0 | References 4
OSV
added 2024/08/12 1:38 p.m. | 2 views

DEBIAN-CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

4.8 CVSS | 6.5 AI score | 0.0024 EPSS
Exploits 0 | References 1
OSV
added 2024/08/12 1:38 p.m. | 2 views

AZL-47763 CVE-2024-42367 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

4.8 CVSS | 6.7 AI score | 0.0024 EPSS
Exploits 0 | References 1
OSV
added 2024/08/12 1:38 p.m. | 0 views

UBUNTU-CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

4.8 CVSS | 7.3 AI score | 0.0024 EPSS
Exploits 0 | References 5
CNNVD
added 2024/08/12 12:0 a.m. | 5 views

aiohttp security vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. A security vulnerability exists in aiohttp versions prior to 3.10.2, which stems from the FileResponse class not performing path checking relative to the root directory when looking for...

4.8 CVSS | 6.7 AI score | 0.0024 EPSS
Exploits 0 | References 5
OSV
added 2024/08/09 5:25 p.m. | 13 views

CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

4.8 CVSS | 6.7 AI score | 0.0024 EPSS
Exploits 0 | References 7
OSV
added 2024/08/09 4:49 p.m. | 0 views

GHSA-JWHX-XCG6-8XHJ In aiohttp, compressed files as symlinks are not protected from path traversal

Summary Static routes which contain files with compressed variants .gz or .br extension were vulnerable to path traversal outside the root directory if those variants are symbolic links. Details The server protects static routes from path traversal outside the root directory when...

6.3 CVSS | 7.2 AI score | 0.0024 EPSS
Exploits 0 | References 7