Web Servers : aiohttp < 3.7.4 Open Redirect Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.114556

Categoría: Web Servers

Título: aiohttp < 3.7.4 Open Redirect Vulnerability - Linux

Resumen: aiohttp is prone to an open redirect vulnerability.

Descripción: Summary:
aiohttp is prone to an open redirect vulnerability.

Vulnerability Insight:
A maliciously crafted link to an aiohttp-based web-server could
redirect the browser to a different website.

It is caused by a bug in the aiohttp.web_middlewares.normalize_path_middleware middleware.

Affected Software/OS:
aiohttp versions prior to 3.7.4.

Solution:
Update to version 3.7.4 or later.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-21330
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
Debian Security Information: DSA-4864 (Google Search)
https://www.debian.org/security/2021/dsa-4864
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3V7CZJRT4QFCVXB6LDPCJH7NAOFCA5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU7ENI54JNEK3PHEFGCE46DGMFNTVU6L/
https://security.gentoo.org/glsa/202208-19
https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25
https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b
https://pypi.org/project/aiohttp/

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.114556
Categoría:	Web Servers
Título:	aiohttp < 3.7.4 Open Redirect Vulnerability - Linux
Resumen:	aiohttp is prone to an open redirect vulnerability.
Descripción:	Summary: aiohttp is prone to an open redirect vulnerability. Vulnerability Insight: A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the aiohttp.web_middlewares.normalize_path_middleware middleware. Affected Software/OS: aiohttp versions prior to 3.7.4. Solution: Update to version 3.7.4 or later. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-21330 https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg Debian Security Information: DSA-4864 (Google Search) https://www.debian.org/security/2021/dsa-4864 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3V7CZJRT4QFCVXB6LDPCJH7NAOFCA5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU7ENI54JNEK3PHEFGCE46DGMFNTVU6L/ https://security.gentoo.org/glsa/202208-19 https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25 https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b https://pypi.org/project/aiohttp/
Copyright	Copyright (C) 2024 Greenbone AG