Описание
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable show_index if unable to upgrade.
Ссылки
- Patch
- Issue Tracking
- Vendor Advisory
- Mailing List
- Mailing List
- Mailing List
- Patch
- Issue Tracking
- Vendor Advisory
- Mailing List
- Mailing List
- Mailing List
Уязвимые конфигурации
Одно из
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.
aiohttp is an asynchronous HTTP client/server framework for asyncio an ...
EPSS
6.1 Medium
CVSS3