Количество 9
Количество 9
CVE-2024-27306
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.
CVE-2024-27306
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.
CVE-2024-27306
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.
CVE-2024-27306
aiohttp is an asynchronous HTTP client/server framework for asyncio an ...
SUSE-SU-2024:4396-1
Security update for python-aiohttp
SUSE-SU-2024:1866-1
Security update for python-aiohttp
GHSA-7gpw-8wmc-pm8g
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
BDU:2025-03458
Уязвимость метода web.static(..., show_index=True) HTTP-клиента aiohttp, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность системы
ROS-20250114-01
Множественные уязвимости python3-aiohttp
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-27306 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade. | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
 | CVE-2024-27306 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade. | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
 | CVE-2024-27306 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade. | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
| CVE-2024-27306 aiohttp is an asynchronous HTTP client/server framework for asyncio an ... | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
 | SUSE-SU-2024:4396-1 Security update for python-aiohttp | 1% Низкий | 12 месяцев назад | |
| SUSE-SU-2024:1866-1 Security update for python-aiohttp | 1% Низкий | больше 1 года назад | |
| GHSA-7gpw-8wmc-pm8g aiohttp Cross-site Scripting vulnerability on index pages for static file handling | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
 | BDU:2025-03458 Уязвимость метода web.static(..., show_index=True) HTTP-клиента aiohttp, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность системы | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
 | ROS-20250114-01 Множественные уязвимости python3-aiohttp | CVSS3: 7.5 | 11 месяцев назад |
Уязвимостей на страницу