Lucene search
+L

4 matches found

SUSE Linux
SUSE Linux
added 2024/12/20 12:2 p.m.2 views

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2024-27306: filenames and paths not escaped when generating index pages for static file handling. bsc1223098 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

6.1CVSS6.9AI score0.00666EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/08/20 8:33 p.m.7 views

aiohttp: XSS on index pages for static file handling

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using "web.static..., showindex=True", the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...

6.1CVSS5.6AI score0.00666EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/06/10 6:41 p.m.7 views

aiohttp: XSS on index pages for static file handling

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using "web.static..., showindex=True", the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...

6.1CVSS5.6AI score0.00666EPSS
Exploits0References4
OSV
OSV
added 2024/04/18 3:15 p.m.9 views

AZL-43357 CVE-2024-27306 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1CVSS6.7AI score0.00666EPSS
Exploits0References1
Rows per page
Query Builder