Количество 8
Количество 8
GHSA-54jq-c3m8-4m76
AIOHTTP vulnerable to brute-force leak of internal static file path components
CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3.
CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3.
CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3.
CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...
SUSE-SU-2026:0859-1
Security update for python-aiohttp
SUSE-SU-2026:0858-1
Security update for python-aiohttp
openSUSE-SU-2026:20204-1
Security update for python-aiohttp, python-Brotli
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-54jq-c3m8-4m76 AIOHTTP vulnerable to brute-force leak of internal static file path components | 0% Низкий | 3 месяца назад | |
 | CVE-2025-69226 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3. | CVSS3: 5.3 | 0% Низкий | 3 месяца назад |
 | CVE-2025-69226 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3. | CVSS3: 5.3 | 0% Низкий | 3 месяца назад |
 | CVE-2025-69226 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3. | CVSS3: 5.3 | 0% Низкий | 3 месяца назад |
| CVE-2025-69226 AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... | CVSS3: 5.3 | 0% Низкий | 3 месяца назад |
 | SUSE-SU-2026:0859-1 Security update for python-aiohttp | 24 дня назад | ||
| SUSE-SU-2026:0858-1 Security update for python-aiohttp | 24 дня назад | ||
| openSUSE-SU-2026:20204-1 Security update for python-aiohttp, python-Brotli | около 2 месяцев назад |
Уязвимостей на страницу