CVE-2021-21330

Published: 26/02/2021 Updated: 22/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 517
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows: `pip install "aiohttp>=3.7.4"`. If upgrading is not an option for you, a workaround is to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.

Vulnerable Product

aiohttp aiohttp

debian debian linux 10.0

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, an async HTTP client/server framework, is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web server could redirect the browser to a different website. For the stable distribution (buster), this problem has been fixed in version 3.5.1-1+deb10u1 ...

In python-aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4 ...

Github Repositories

Poly bot is a discord bot that provides all type of conversions (I.E. language, measurements, etc)

PolyBot: PolyBot initially started as a simple Discord bot that provided conversions between many different data types (i.e. language, units of measurements, etc). We hope that with the help of Poly, users will be able to perform a myriad of actions whilst in Discord, without needing to reach for the web browser - be it converting between currencies like USD and CAD, finding the

A simple Discord Bot that makes a post in AzureMS whenever there is a new post on Orange Mushroom Blog

Max_Feeder: A Discord Bot that makes a post whenever there is a new post on Orange Mushroom Blog. Max_Feeder works by scraping/processing the RSS feed for Max's blog. A launcher script (start.bat) has been provided in the root of the repository. You may run this batch file to start the bot after configuring src/config.json. Technical Details Target Minimum Target Maximu