aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-04-18T14:23:25.325Z
Updated: 2024-06-20T13:35:26.968Z
Reserved: 2024-02-22T18:08:38.876Z
Link: CVE-2024-27306
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-18T15:15:29.050
Modified: 2024-05-02T03:15:14.943
Link: CVE-2024-27306
JSON object: View
Redhat Information
No data.