| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Open redirect |
|
| Description |
| + |
In python-aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. |
|
| References |
| + |
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg |
| + |
https://github.com/aio-libs/aiohttp/commit/021c416c18392a111225bc7326063dc4a99a5138 |
|
| Notes |
|