12 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-42367
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aiohttp
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aiohttp Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp ould allow a remote attacker to traverse directories on the system, caused by improper archive file validation. An attacker could use a...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to this CVE-2024-42367 Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp ould allow a remote...
Security Bulletin: IBM Maximo Application Suite - AI Broker component usesaiohttp-3.9.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component usesaiohttp-3.9.5-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to this CVE-2024-42367. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
openSUSE Security Advisory (SUSE-SU-2024:3110-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:3110-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3110-1 advisory. - CVE-2024-42367: Fixed path traversal outside the root directory when requests involve compressed files ...
SUSE-SU-2024:3110-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2024-42367: Fixed path traversal outside the root directory when requests involve compressed files as symbolic links bsc1229226...
CVE-2024-42367 vulnerabilities
Vulnerabilities for packages: py3-cassandra-medusa, request-1276, airflow, nemo, kserve, dask-gateway, checkov...
CVE-2024-42367 vulnerabilities
Vulnerabilities for packages: py3-cassandra-medusa, checkov, airflow, kserve, dask-gateway...
CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
acapy-agent (>=1.1.0 <=1.1.0rc1), acapy-agent-jamie-testing (=1.0.1) +248 more potentially affected by CVE-2024-42367 via aiohttp (>=3.10.0rc0 <=3.10.11)
aiohttp PYPI version =3.10.0rc0, =1.1.0, =0.0.7.1, =4.8.2, =1.0.1, =0.61.0, =0.60.2, =0.2.1, =0.9.0, =0.0.1, =3.11.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-42367 Source advisory: OSV:GHSA-JWHX-XCG6-8XHJ...