Advisory for aiohttp Framework Security Update (CVE-2024-23334)

Overview

An update has been made available to address a vulnerability in the aiohttp framework. Users of affected versions are advised to update to the latest version.

Affected Products

aiohttp versions 1.0.5 and later, prior to 3.9.2

Resolved Vulnerabilities

Directory traversal vulnerability caused by improperly configured static resource resolution in aiohttp, reachable when aiohttp.web.static() is registered with follow_symlinks=True (CVE-2024-23334)
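To make the mitigation concrete, the following is an added example (not aiohttp's own code) of the path-containment check a static-file handler needs: ".." traversal is rejected on the normalised path whatever the symlink setting, and a symlink that points outside the static root is refused unless the operator has explicitly opted in with follow_symlinks=True. The function names and the temporary directory layout are this example's own constructions.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional


def resolve_static_path(root: Path, requested: str,
                        follow_symlinks: bool = False) -> Optional[Path]:
    """Map a requested URL path to a file under root; None if it escapes root.

    Two checks, an independent rewrite of the idea behind the advisory's
    "Validate static paths" fix (not aiohttp's code): a lexical check on the
    normalised path regardless of the symlink setting, and, unless symlinks
    are followed, a physical check on the resolved target as well.
    """
    root = root.resolve()
    # Strip a leading "/" so an absolute request cannot replace root outright.
    candidate = Path(os.path.normpath(root / requested.lstrip("/")))
    try:
        candidate.relative_to(root)          # lexical containment
    except ValueError:
        return None
    if follow_symlinks:
        return candidate.resolve()           # operator explicitly opted in
    real = candidate.resolve()
    try:
        real.relative_to(root)               # physical containment
    except ValueError:
        return None
    return real


def demo() -> Dict[str, bool]:
    """Exercise the check against a constructed static root (True = served)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "static"
        (root / "css").mkdir(parents=True)
        (root / "css" / "app.css").write_text("body {}")
        (base / "secret.txt").write_text("constructed file outside root")
        os.symlink(base / "secret.txt", root / "link.txt")  # escapes root
        cases = {
            "normal_file": ("css/app.css", False),
            "dotdot_traversal": ("css/../../secret.txt", True),
            "symlink_default": ("link.txt", False),
            "symlink_opt_in": ("link.txt", True),
        }
        return {name: resolve_static_path(root, req, fs) is not None
                for name, (req, fs) in cases.items()}
```

Running demo() shows that only the in-root file and the explicitly opted-in symlink are served; the traversal attempt is refused even with follow_symlinks=True, which is the check the advisory's fix adds.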


Vulnerability Patches

Patches were made available in the January 29, 2024 update. Please update to the patched version listed below, following the Referenced Sites.

aiohttp version 3.9.2

Referenced Sites

[1] CVE-2024-23334 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23334#range-10316999
[2] aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
[3] Validate static paths (#8079)
https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b