11 matches found
Exploit for Path Traversal in Aiohttp
CVE‑2024‑23334 Path Traversal - PoC I created this script t...
Updated python-aiohttp packages fix security vulnerabilities
When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'followsymlinks' is set to True,...
USN-6991-1: AIOHTTP vulnerability
It was discovered that AIOHTTP did not properly restrict file access when the 'followsymlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system...
K000139353: aiohttp vulnerability CVE-2024-23334
Security Advisory Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to...
Path Traversal
Jenkins HTML Publisher Plugin is vulnerable to Path Traversal. The vulnerability is caused due to insufficient restrictions on the FOLLOWSYMLINKS variable within HtmlPublisher.java. The lack of finalization and the ability to change this variable via script during runtime allows attackers with...
Fedora 38 : python-aiohttp (2024-0ddda4c691)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-0ddda4c691 advisory. Security update for CVE-2024-23334 and CVE-2024-23829 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2...
CVE-2024-23334
A flaw was found in aiohttp. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When...
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
CVE-2024-23334 aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
CVE-2024-23334 aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...