Vulnerability_id VCID-ekqy-23wg-5ugu
Summary
In aiohttp, compressed files as symlinks are not protected from path traversal
### Summary
Static routes which contain files with compressed variants (`.gz` or `.br` extension) were vulnerable to path traversal outside the root directory if those variants are symbolic links.

### Details
The server protects static routes from path traversal outside the root directory when `follow_symlinks=False` (default). It does this by resolving the requested URL to an absolute path and then checking that path relative to the root. However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing `Path.stat()` and `Path.open()` to send the file.

### Impact
Servers with static routes that contain compressed variants as symbolic links, pointing outside the root directory, or that permit users to upload or create such links, are impacted.

----

Patch: https://github.com/aio-libs/aiohttp/pull/8653/files
Aliases
0
alias CVE-2024-42367
1
alias GHSA-jwhx-xcg6-8xhj
Fixed_packages
0
url pkg:deb/debian/python-aiohttp@0?distro=trixie
purl pkg:deb/debian/python-aiohttp@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@0%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.10.3-2?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.10.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.10.3-2%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.11.16-1
purl pkg:deb/debian/python-aiohttp@3.11.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1
4
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ft9z-nd6x-27dz
6
vulnerability VCID-g4rj-1kzy-pkft
7
vulnerability VCID-hyh4-58xy-xfge
8
vulnerability VCID-k122-7d38-2ug5
9
vulnerability VCID-kf4p-q9n9-ayhn
10
vulnerability VCID-peyu-fxyx-ayde
11
vulnerability VCID-qrus-4szm-c3bj
12
vulnerability VCID-qt9z-6kwe-wbht
13
vulnerability VCID-sjws-ddnq-fke2
14
vulnerability VCID-t9gx-etxx-vkgb
15
vulnerability VCID-tmjw-8cdt-7yf7
16
vulnerability VCID-vqvz-jfqh-jkaz
17
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
5
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-drqp-x9gc-2qd3
4
vulnerability VCID-g4rj-1kzy-pkft
5
vulnerability VCID-hyh4-58xy-xfge
6
vulnerability VCID-kf4p-q9n9-ayhn
7
vulnerability VCID-qt9z-6kwe-wbht
8
vulnerability VCID-tmjw-8cdt-7yf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
6
url pkg:deb/debian/python-aiohttp@3.13.5-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.5-1%3Fdistro=trixie
7
url pkg:pypi/aiohttp@3.10.2
purl pkg:pypi/aiohttp@3.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-dr2r-7qda-tfh5
5
vulnerability VCID-drqp-x9gc-2qd3
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-k122-7d38-2ug5
10
vulnerability VCID-kf4p-q9n9-ayhn
11
vulnerability VCID-peyu-fxyx-ayde
12
vulnerability VCID-qrus-4szm-c3bj
13
vulnerability VCID-qt9z-6kwe-wbht
14
vulnerability VCID-sjws-ddnq-fke2
15
vulnerability VCID-t9gx-etxx-vkgb
16
vulnerability VCID-tmjw-8cdt-7yf7
17
vulnerability VCID-vqvz-jfqh-jkaz
18
vulnerability VCID-zm3a-mf2z-xfcm
19
vulnerability VCID-zrgm-47ph-x3g3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.2
Affected_packages
0
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-drqp-x9gc-2qd3
5
vulnerability VCID-ekqy-23wg-5ugu
6
vulnerability VCID-ft9z-nd6x-27dz
7
vulnerability VCID-g4rj-1kzy-pkft
8
vulnerability VCID-hyh4-58xy-xfge
9
vulnerability VCID-jxqg-x9dh-z3hb
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-tn28-662n-vug8
19
vulnerability VCID-ttq3-65ny-skdg
20
vulnerability VCID-vqvz-jfqh-jkaz
21
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1
2
url pkg:pypi/aiohttp@3.10.0b1
purl pkg:pypi/aiohttp@3.10.0b1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-dr2r-7qda-tfh5
5
vulnerability VCID-drqp-x9gc-2qd3
6
vulnerability VCID-ekqy-23wg-5ugu
7
vulnerability VCID-ft9z-nd6x-27dz
8
vulnerability VCID-g4rj-1kzy-pkft
9
vulnerability VCID-hyh4-58xy-xfge
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-vqvz-jfqh-jkaz
19
vulnerability VCID-zm3a-mf2z-xfcm
20
vulnerability VCID-zrgm-47ph-x3g3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.0b1
3
url pkg:pypi/aiohttp@3.10.0rc0
purl pkg:pypi/aiohttp@3.10.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-dr2r-7qda-tfh5
5
vulnerability VCID-drqp-x9gc-2qd3
6
vulnerability VCID-ekqy-23wg-5ugu
7
vulnerability VCID-ft9z-nd6x-27dz
8
vulnerability VCID-g4rj-1kzy-pkft
9
vulnerability VCID-hyh4-58xy-xfge
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-vqvz-jfqh-jkaz
19
vulnerability VCID-zm3a-mf2z-xfcm
20
vulnerability VCID-zrgm-47ph-x3g3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.0rc0
4
url pkg:pypi/aiohttp@3.10.0
purl pkg:pypi/aiohttp@3.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-dr2r-7qda-tfh5
5
vulnerability VCID-drqp-x9gc-2qd3
6
vulnerability VCID-ekqy-23wg-5ugu
7
vulnerability VCID-ft9z-nd6x-27dz
8
vulnerability VCID-g4rj-1kzy-pkft
9
vulnerability VCID-hyh4-58xy-xfge
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-vqvz-jfqh-jkaz
19
vulnerability VCID-zm3a-mf2z-xfcm
20
vulnerability VCID-zrgm-47ph-x3g3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.0
5
url pkg:pypi/aiohttp@3.10.1
purl pkg:pypi/aiohttp@3.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19q4-vzzb-8uca
1
vulnerability VCID-5f1f-mrwv-zucz
2
vulnerability VCID-cg9h-fysf-xygf
3
vulnerability VCID-d3pa-kwgz-vuag
4
vulnerability VCID-dr2r-7qda-tfh5
5
vulnerability VCID-drqp-x9gc-2qd3
6
vulnerability VCID-ekqy-23wg-5ugu
7
vulnerability VCID-ft9z-nd6x-27dz
8
vulnerability VCID-g4rj-1kzy-pkft
9
vulnerability VCID-hyh4-58xy-xfge
10
vulnerability VCID-k122-7d38-2ug5
11
vulnerability VCID-kf4p-q9n9-ayhn
12
vulnerability VCID-peyu-fxyx-ayde
13
vulnerability VCID-qrus-4szm-c3bj
14
vulnerability VCID-qt9z-6kwe-wbht
15
vulnerability VCID-sjws-ddnq-fke2
16
vulnerability VCID-t9gx-etxx-vkgb
17
vulnerability VCID-tmjw-8cdt-7yf7
18
vulnerability VCID-vqvz-jfqh-jkaz
19
vulnerability VCID-zm3a-mf2z-xfcm
20
vulnerability VCID-zrgm-47ph-x3g3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.10.1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42367.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42367.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42367
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.5771
published_at 2026-05-15T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.57694
published_at 2026-05-14T12:55:00Z
2
value 0.00352
scoring_system epss
scoring_elements 0.57627
published_at 2026-05-12T12:55:00Z
3
value 0.00352
scoring_system epss
scoring_elements 0.57599
published_at 2026-05-11T12:55:00Z
4
value 0.00352
scoring_system epss
scoring_elements 0.57651
published_at 2026-05-09T12:55:00Z
5
value 0.00352
scoring_system epss
scoring_elements 0.57588
published_at 2026-05-07T12:55:00Z
6
value 0.00352
scoring_system epss
scoring_elements 0.57543
published_at 2026-05-05T12:55:00Z
7
value 0.00352
scoring_system epss
scoring_elements 0.57586
published_at 2026-04-29T12:55:00Z
8
value 0.00352
scoring_system epss
scoring_elements 0.57607
published_at 2026-04-26T12:55:00Z
9
value 0.00352
scoring_system epss
scoring_elements 0.57587
published_at 2026-04-24T12:55:00Z
10
value 0.00352
scoring_system epss
scoring_elements 0.57629
published_at 2026-04-21T12:55:00Z
11
value 0.00352
scoring_system epss
scoring_elements 0.57655
published_at 2026-04-16T12:55:00Z
12
value 0.00352
scoring_system epss
scoring_elements 0.57618
published_at 2026-04-04T12:55:00Z
13
value 0.00352
scoring_system epss
scoring_elements 0.57625
published_at 2026-04-13T12:55:00Z
14
value 0.00352
scoring_system epss
scoring_elements 0.57645
published_at 2026-04-12T12:55:00Z
15
value 0.00352
scoring_system epss
scoring_elements 0.57665
published_at 2026-04-11T12:55:00Z
16
value 0.00352
scoring_system epss
scoring_elements 0.5765
published_at 2026-04-18T12:55:00Z
17
value 0.00352
scoring_system epss
scoring_elements 0.57646
published_at 2026-04-08T12:55:00Z
18
value 0.00352
scoring_system epss
scoring_elements 0.57593
published_at 2026-04-07T12:55:00Z
19
value 0.00352
scoring_system epss
scoring_elements 0.57597
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42367
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
4
reference_url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_fileresponse.py#L177
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_fileresponse.py#L177
5
reference_url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_urldispatcher.py#L674
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/blob/e0ff5246e1d29b7710ab1a2bbc972b48169f1c05/aiohttp/web_urldispatcher.py#L674
6
reference_url https://github.com/aio-libs/aiohttp/commit/ce2e9758814527589b10759a20783fb03b98339f
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/commit/ce2e9758814527589b10759a20783fb03b98339f
7
reference_url https://github.com/aio-libs/aiohttp/pull/8653
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/pull/8653
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:18:15Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jwhx-xcg6-8xhj
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42367
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42367
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2304394
reference_id 2304394
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2304394
11
reference_url https://github.com/advisories/GHSA-jwhx-xcg6-8xhj
reference_id GHSA-jwhx-xcg6-8xhj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwhx-xcg6-8xhj
Weaknesses
0
cwe_id 61
name UNIX Symbolic Link (Symlink) Following
description The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ekqy-23wg-5ugu