AZL-73503

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73503.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-73503

Upstream

CVE-2025-69226

Published

2026-01-05T23:15:40Z

Modified

2026-04-01T05:22:18.330091Z

Summary

CVE-2025-69226 affecting package python-aiohttp 3.6.2-3

Details

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-69226

Affected packages

Azure Linux:2 / python-aiohttp

Package

Name: python-aiohttp
Purl: pkg:rpm/azure-linux/python-aiohttp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.6.2-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73503.json"