You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the aiohttp.web_middlewares.normalize_path_middleware middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid using aiohttp.web_middlewares.normalize_path_middleware in your applications.
CVE-2021-21330 - Medium Severity Vulnerability
Vulnerable Library - aiohttp-0.16.3.tar.gz
Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/69/f0/dc5959f1b2f641c40357e66a516214ef7d2d13a5ce3cdb044d78f7c57f39/aiohttp-0.16.3.tar.gz
Path to dependency file: /folder2/requirements.txt
Path to vulnerable library: /folder2/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 6b0c64ea59feda03497ff343e6a84689235bc03a
Found in base branch: master
Vulnerability Details
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the
aiohttp.web_middlewares.normalize_path_middleware
middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid usingaiohttp.web_middlewares.normalize_path_middleware
in your applications.Publish Date: 2021-02-26
URL: CVE-2021-21330
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-v6wp-4m6f-gcjg
Release Date: 2021-02-26
Fix Resolution: v3.7.4
⛑️ Automatic Remediation is available for this issue
The text was updated successfully, but these errors were encountered: