package/python-aiohttp: security bump to version 3.7.4 (0e60a9aa) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 0e60a9aa authored Feb 27, 2021 by Peter Korsgaard Committed by Yann E. MORIN Feb 27, 2021

package/python-aiohttp: security bump to version 3.7.4

Fixes the following security issue:

CVE-2021-21330: Open redirect vulnerability in aiohttp
(normalize_path_middleware middleware)

Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, a async
HTTP client/server framework, is prone to an open redirect vulnerability.  A
maliciously crafted link to an aiohttp-based web-server could redirect the
browser to a different website.

For more details, see the advisory:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg



Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

parent 908d9671

Hide whitespace changes

Inline Side-by-side

Please register or to comment