Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie

Type deb

Namespace debian

Name python-aiohttp

Version 3.9.5-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.10.3-2

Latest_non_vulnerable_version 3.13.5-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-bhkk-2b7c-wfgr

vulnerability_id VCID-bhkk-2b7c-wfgr

summary

aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
### Summary
An attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests.

### Impact
An attacker can stop the application from serving requests after sending a single request.

-------

For anyone needing to patch older versions of aiohttp, the minimum diff needed to resolve the issue is (located in `_read_chunk_from_length()`):

```diff
diff --git a/aiohttp/multipart.py b/aiohttp/multipart.py
index 227be605c..71fc2654a 100644
--- a/aiohttp/multipart.py
+++ b/aiohttp/multipart.py
@@ -338,6 +338,8 @@ class BodyPartReader:
         assert self._length is not None, "Content-Length required for chunked read"
         chunk_size = min(size, self._length - self._read_bytes)
         chunk = await self._content.read(chunk_size)
+        if self._content.at_eof():
+            self._at_eof = True
         return chunk
 
     async def _read_chunk_from_stream(self, size: int) -> bytes:
```

This does however introduce some very minor issues with handling form data. So, if possible, it would be recommended to also backport the changes in:
https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19
https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597
https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30251.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30251.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-30251

reference_id

reference_type

scores

value	0.00331
scoring_system	epss
scoring_elements	0.56062
published_at	2026-05-14T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56005
published_at	2026-05-12T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55982
published_at	2026-05-11T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56032
published_at	2026-05-09T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.5597
published_at	2026-05-07T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56051
published_at	2026-04-21T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55978
published_at	2026-04-24T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55998
published_at	2026-04-26T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55922
published_at	2026-05-05T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55973
published_at	2026-04-29T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58097
published_at	2026-04-07T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58159
published_at	2026-04-18T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58128
published_at	2026-04-13T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58147
published_at	2026-04-12T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58171
published_at	2026-04-11T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58155
published_at	2026-04-09T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58101
published_at	2026-04-02T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58123
published_at	2026-04-04T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58151
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-30251

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30251
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30251

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/aio-libs/aiohttp

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aio-libs/aiohttp

reference_url

https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/

url

https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597

reference_url

https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/

url

https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19

reference_url

https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/

url

https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866

reference_url

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/

url

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-30251

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-30251

reference_url

http://www.openwall.com/lists/oss-security/2024/05/02/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/

url

http://www.openwall.com/lists/oss-security/2024/05/02/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070364
reference_id	1070364
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070364

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2278710
reference_id	2278710
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2278710

reference_url

https://github.com/advisories/GHSA-5m98-qgg9-wh84

reference_id

GHSA-5m98-qgg9-wh84

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5m98-qgg9-wh84

reference_url	https://security.gentoo.org/glsa/202408-11
reference_id	GLSA-202408-11
reference_type
scores
url	https://security.gentoo.org/glsa/202408-11

reference_url	https://access.redhat.com/errata/RHSA-2024:3781
reference_id	RHSA-2024:3781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3781

reference_url	https://access.redhat.com/errata/RHSA-2025:1335
reference_id	RHSA-2025:1335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1335

reference_url	https://usn.ubuntu.com/7642-1/
reference_id	USN-7642-1
reference_type
scores
url	https://usn.ubuntu.com/7642-1/

fixed_packages

url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-d3pa-kwgz-vuag

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-ft9z-nd6x-27dz

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-k122-7d38-2ug5

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-peyu-fxyx-ayde

vulnerability	VCID-qrus-4szm-c3bj

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-sjws-ddnq-fke2

vulnerability	VCID-t9gx-etxx-vkgb

vulnerability	VCID-tmjw-8cdt-7yf7

vulnerability	VCID-vqvz-jfqh-jkaz

vulnerability	VCID-zm3a-mf2z-xfcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-d3pa-kwgz-vuag

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-ekqy-23wg-5ugu

vulnerability	VCID-ft9z-nd6x-27dz

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-jxqg-x9dh-z3hb

vulnerability	VCID-k122-7d38-2ug5

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-peyu-fxyx-ayde

vulnerability	VCID-qrus-4szm-c3bj

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-sjws-ddnq-fke2

vulnerability	VCID-t9gx-etxx-vkgb

vulnerability	VCID-tmjw-8cdt-7yf7

vulnerability	VCID-tn28-662n-vug8

vulnerability	VCID-ttq3-65ny-skdg

vulnerability	VCID-vqvz-jfqh-jkaz

vulnerability	VCID-zm3a-mf2z-xfcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.5-1%3Fdistro=trixie

url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-d3pa-kwgz-vuag

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-ft9z-nd6x-27dz

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-k122-7d38-2ug5

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-peyu-fxyx-ayde

vulnerability	VCID-qrus-4szm-c3bj

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-sjws-ddnq-fke2

vulnerability	VCID-t9gx-etxx-vkgb

vulnerability	VCID-tmjw-8cdt-7yf7

vulnerability	VCID-vqvz-jfqh-jkaz

vulnerability	VCID-zm3a-mf2z-xfcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie

url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-tmjw-8cdt-7yf7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.13.5-1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.13.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1%3Fdistro=trixie

aliases CVE-2024-30251, GHSA-5m98-qgg9-wh84

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhkk-2b7c-wfgr

url VCID-jxqg-x9dh-z3hb

vulnerability_id VCID-jxqg-x9dh-z3hb

summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23829

reference_id

reference_type

scores

value	0.00475
scoring_system	epss
scoring_elements	0.64834
published_at	2026-04-24T12:55:00Z

value	0.00475
scoring_system	epss
scoring_elements	0.64816
published_at	2026-04-21T12:55:00Z

value	0.00475
scoring_system	epss
scoring_elements	0.64961
published_at	2026-05-14T12:55:00Z

value	0.00475
scoring_system	epss
scoring_elements	0.64905
published_at	2026-05-12T12:55:00Z

value	0.00475
scoring_system	epss
scoring_elements	0.64884
published_at	2026-05-11T12:55:00Z

value	0.00475
scoring_system	epss
scoring_elements	0.64915
published_at	2026-05-09T12:55:00Z

value	0.00475
scoring_system	epss
scoring_elements	0.64871
published_at	2026-05-07T12:55:00Z

value	0.00475
scoring_system	epss
scoring_elements	0.64823
published_at	2026-05-05T12:55:00Z

value	0.00475
scoring_system	epss
scoring_elements	0.64847
published_at	2026-04-26T12:55:00Z

value	0.00475
scoring_system	epss
scoring_elements	0.64843
published_at	2026-04-29T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66624
published_at	2026-04-13T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.6659
published_at	2026-04-02T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66657
published_at	2026-04-12T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66617
published_at	2026-04-04T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66588
published_at	2026-04-07T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66636
published_at	2026-04-08T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.6665
published_at	2026-04-09T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66669
published_at	2026-04-11T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66674
published_at	2026-04-18T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.6666
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23829

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/aio-libs/aiohttp

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aio-libs/aiohttp

reference_url

https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/

url

https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827

reference_url

https://github.com/aio-libs/aiohttp/pull/3235

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aio-libs/aiohttp/pull/3235

reference_url

https://github.com/aio-libs/aiohttp/pull/8074

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/

url

https://github.com/aio-libs/aiohttp/pull/8074

reference_url

https://github.com/aio-libs/aiohttp/pull/8074/files

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aio-libs/aiohttp/pull/8074/files

reference_url

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/

url

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2

reference_url

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23829

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23829

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708
reference_id	1062708
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2261909
reference_id	2261909
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2261909

reference_url

https://github.com/advisories/GHSA-8qpw-xqxj-h4r2

reference_id

GHSA-8qpw-xqxj-h4r2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8qpw-xqxj-h4r2

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/

reference_id

ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/

reference_url	https://access.redhat.com/errata/RHSA-2024:1878
reference_id	RHSA-2024:1878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1878

reference_url	https://usn.ubuntu.com/7642-1/
reference_id	USN-7642-1
reference_type
scores
url	https://usn.ubuntu.com/7642-1/

fixed_packages

url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-d3pa-kwgz-vuag

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-ft9z-nd6x-27dz

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-k122-7d38-2ug5

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-peyu-fxyx-ayde

vulnerability	VCID-qrus-4szm-c3bj

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-sjws-ddnq-fke2

vulnerability	VCID-t9gx-etxx-vkgb

vulnerability	VCID-tmjw-8cdt-7yf7

vulnerability	VCID-vqvz-jfqh-jkaz

vulnerability	VCID-zm3a-mf2z-xfcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.5-1%3Fdistro=trixie

url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-d3pa-kwgz-vuag

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-ft9z-nd6x-27dz

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-k122-7d38-2ug5

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-peyu-fxyx-ayde

vulnerability	VCID-qrus-4szm-c3bj

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-sjws-ddnq-fke2

vulnerability	VCID-t9gx-etxx-vkgb

vulnerability	VCID-tmjw-8cdt-7yf7

vulnerability	VCID-vqvz-jfqh-jkaz

vulnerability	VCID-zm3a-mf2z-xfcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie

url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-tmjw-8cdt-7yf7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.13.5-1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.13.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1%3Fdistro=trixie

aliases CVE-2024-23829, GHSA-8qpw-xqxj-h4r2, PYSEC-2024-26

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxqg-x9dh-z3hb

url VCID-pqus-ew4j-k7da

vulnerability_id VCID-pqus-ew4j-k7da

summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23334.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23334.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23334

reference_id

reference_type

scores

value	0.93482
scoring_system	epss
scoring_elements	0.99822
published_at	2026-04-11T12:55:00Z

value	0.93482
scoring_system	epss
scoring_elements	0.99824
published_at	2026-04-18T12:55:00Z

value	0.93482
scoring_system	epss
scoring_elements	0.99823
published_at	2026-04-16T12:55:00Z

value	0.93482
scoring_system	epss
scoring_elements	0.99821
published_at	2026-04-07T12:55:00Z

value	0.93482
scoring_system	epss
scoring_elements	0.99828
published_at	2026-05-12T12:55:00Z

value	0.93482
scoring_system	epss
scoring_elements	0.99827
published_at	2026-05-05T12:55:00Z

value	0.93482
scoring_system	epss
scoring_elements	0.99826
published_at	2026-04-24T12:55:00Z

value	0.93482
scoring_system	epss
scoring_elements	0.99825
published_at	2026-04-21T12:55:00Z

value	0.93651
scoring_system	epss
scoring_elements	0.99847
published_at	2026-05-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23334

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23334
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23334

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/aio-libs/aiohttp

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aio-libs/aiohttp

reference_url

https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/

url

https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b

reference_url

https://github.com/aio-libs/aiohttp/pull/8079

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/

url

https://github.com/aio-libs/aiohttp/pull/8079

reference_url

https://github.com/aio-libs/aiohttp/pull/8079/files

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aio-libs/aiohttp/pull/8079/files

reference_url

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/

url

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-24.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-24.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23334

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23334

reference_url

https://www.exploit-db.com/exploits/52474

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/52474

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062709
reference_id	1062709
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062709

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2261887
reference_id	2261887
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2261887

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/52474.txt
reference_id	CVE-2024-23334
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/52474.txt

reference_url

https://github.com/advisories/GHSA-5h86-8mv2-jq9f

reference_id

GHSA-5h86-8mv2-jq9f

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5h86-8mv2-jq9f

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/

reference_id

ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/

reference_url	https://access.redhat.com/errata/RHSA-2024:1878
reference_id	RHSA-2024:1878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1878

reference_url	https://usn.ubuntu.com/6991-1/
reference_id	USN-6991-1
reference_type
scores
url	https://usn.ubuntu.com/6991-1/

fixed_packages

url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-d3pa-kwgz-vuag

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-ft9z-nd6x-27dz

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-k122-7d38-2ug5

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-peyu-fxyx-ayde

vulnerability	VCID-qrus-4szm-c3bj

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-sjws-ddnq-fke2

vulnerability	VCID-t9gx-etxx-vkgb

vulnerability	VCID-tmjw-8cdt-7yf7

vulnerability	VCID-vqvz-jfqh-jkaz

vulnerability	VCID-zm3a-mf2z-xfcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-d3pa-kwgz-vuag

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-ekqy-23wg-5ugu

vulnerability	VCID-ft9z-nd6x-27dz

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-jxqg-x9dh-z3hb

vulnerability	VCID-k122-7d38-2ug5

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-peyu-fxyx-ayde

vulnerability	VCID-qrus-4szm-c3bj

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-sjws-ddnq-fke2

vulnerability	VCID-t9gx-etxx-vkgb

vulnerability	VCID-tmjw-8cdt-7yf7

vulnerability	VCID-tn28-662n-vug8

vulnerability	VCID-ttq3-65ny-skdg

vulnerability	VCID-vqvz-jfqh-jkaz

vulnerability	VCID-zm3a-mf2z-xfcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.5-1%3Fdistro=trixie

url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-d3pa-kwgz-vuag

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-ft9z-nd6x-27dz

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-k122-7d38-2ug5

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-peyu-fxyx-ayde

vulnerability	VCID-qrus-4szm-c3bj

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-sjws-ddnq-fke2

vulnerability	VCID-t9gx-etxx-vkgb

vulnerability	VCID-tmjw-8cdt-7yf7

vulnerability	VCID-vqvz-jfqh-jkaz

vulnerability	VCID-zm3a-mf2z-xfcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie

url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-tmjw-8cdt-7yf7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.13.5-1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.13.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1%3Fdistro=trixie

aliases CVE-2024-23334, GHSA-5h86-8mv2-jq9f, PYSEC-2024-24

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqus-ew4j-k7da

url VCID-tn28-662n-vug8

vulnerability_id VCID-tn28-662n-vug8

summary

aiohttp Cross-site Scripting vulnerability on index pages for static file handling
### Summary

A XSS vulnerability exists on index pages for static file handling.

### Details

When using `web.static(..., show_index=True)`, the resulting index pages do not escape file names.

If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to XSS attacks.

### Workaround

We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected.

Other users can disable `show_index` if unable to upgrade.

-----

Patch: https://github.com/aio-libs/aiohttp/pull/8319/files

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27306

reference_id

reference_type

scores

value	0.00593
scoring_system	epss
scoring_elements	0.69288
published_at	2026-04-21T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.6934
published_at	2026-04-24T12:55:00Z

value	0.0069
scoring_system	epss
scoring_elements	0.7187
published_at	2026-05-11T12:55:00Z

value	0.0069
scoring_system	epss
scoring_elements	0.71906
published_at	2026-05-09T12:55:00Z

value	0.0069
scoring_system	epss
scoring_elements	0.71957
published_at	2026-05-14T12:55:00Z

value	0.0069
scoring_system	epss
scoring_elements	0.71899
published_at	2026-05-12T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72284
published_at	2026-04-29T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72288
published_at	2026-04-26T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72302
published_at	2026-05-07T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72274
published_at	2026-05-05T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73167
published_at	2026-04-18T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73158
published_at	2026-04-16T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73115
published_at	2026-04-13T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73121
published_at	2026-04-12T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73141
published_at	2026-04-11T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73117
published_at	2026-04-09T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73103
published_at	2026-04-08T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73066
published_at	2026-04-07T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73092
published_at	2026-04-04T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73072
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27306

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/aio-libs/aiohttp

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aio-libs/aiohttp

reference_url

https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/

url

https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397

reference_url

https://github.com/aio-libs/aiohttp/pull/8319

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/

url

https://github.com/aio-libs/aiohttp/pull/8319

reference_url

https://github.com/aio-libs/aiohttp/pull/8319/files

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aio-libs/aiohttp/pull/8319/files

reference_url

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/

url

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-27306

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-27306

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665
reference_id	1070665
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2275989
reference_id	2275989
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2275989

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/

reference_id

2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/

reference_url

https://github.com/advisories/GHSA-7gpw-8wmc-pm8g

reference_id

GHSA-7gpw-8wmc-pm8g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7gpw-8wmc-pm8g

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/

reference_id

NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/

reference_url	https://access.redhat.com/errata/RHSA-2024:3781
reference_id	RHSA-2024:3781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3781

reference_url	https://access.redhat.com/errata/RHSA-2024:5662
reference_id	RHSA-2024:5662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5662

reference_url	https://access.redhat.com/errata/RHSA-2025:1335
reference_id	RHSA-2025:1335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1335

reference_url	https://usn.ubuntu.com/7642-1/
reference_id	USN-7642-1
reference_type
scores
url	https://usn.ubuntu.com/7642-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/

reference_id

ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/

fixed_packages

url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-d3pa-kwgz-vuag

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-ft9z-nd6x-27dz

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-k122-7d38-2ug5

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-peyu-fxyx-ayde

vulnerability	VCID-qrus-4szm-c3bj

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-sjws-ddnq-fke2

vulnerability	VCID-t9gx-etxx-vkgb

vulnerability	VCID-tmjw-8cdt-7yf7

vulnerability	VCID-vqvz-jfqh-jkaz

vulnerability	VCID-zm3a-mf2z-xfcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.5-1%3Fdistro=trixie

url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-d3pa-kwgz-vuag

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-ft9z-nd6x-27dz

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-k122-7d38-2ug5

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-peyu-fxyx-ayde

vulnerability	VCID-qrus-4szm-c3bj

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-sjws-ddnq-fke2

vulnerability	VCID-t9gx-etxx-vkgb

vulnerability	VCID-tmjw-8cdt-7yf7

vulnerability	VCID-vqvz-jfqh-jkaz

vulnerability	VCID-zm3a-mf2z-xfcm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie

url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie

purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19q4-vzzb-8uca

vulnerability	VCID-5f1f-mrwv-zucz

vulnerability	VCID-cg9h-fysf-xygf

vulnerability	VCID-drqp-x9gc-2qd3

vulnerability	VCID-g4rj-1kzy-pkft

vulnerability	VCID-hyh4-58xy-xfge

vulnerability	VCID-kf4p-q9n9-ayhn

vulnerability	VCID-qt9z-6kwe-wbht

vulnerability	VCID-tmjw-8cdt-7yf7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie

url	pkg:deb/debian/python-aiohttp@3.13.5-1?distro=trixie
purl	pkg:deb/debian/python-aiohttp@3.13.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1%3Fdistro=trixie

aliases CVE-2024-27306, GHSA-7gpw-8wmc-pm8g

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn28-662n-vug8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.5-1%3Fdistro=trixie

Package Instance