Description
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.
INFO
Published Date :
2024-04-18T14:23:25.325Z
Last Modified :
2025-11-03T20:37:02.696Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2024-27306 vulnerability.
| Vendors | Products |
|---|---|
| Aiohttp |
|
| Fedoraproject |
|
| Redhat |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-27306.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact