Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-27306

Published: 18/04/2024 Updated: 18/04/2024

Vulnerability Summary

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.

References

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8ghttps://github.com/aio-libs/aiohttp/pull/8319https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook