Description

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.

INFO

Published Date :

2024-04-18T14:23:25.325Z

Last Modified :

2025-11-03T20:37:02.696Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-27306 vulnerability.

Vendors Products
Aiohttp
  • Aiohttp
Fedoraproject
  • Fedora
Redhat
  • Ansible Automation Platform
  • Rhui
  • Satellite
  • Satellite Capsule

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact