It was discovered that AIOHTTP did not properly restrict file access when the 'follow_symlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.8.1-4ubuntu0.2", "binary_name": "python-aiohttp-doc" }, { "binary_version": "3.8.1-4ubuntu0.2", "binary_name": "python3-aiohttp" }, { "binary_version": "3.8.1-4ubuntu0.2", "binary_name": "python3-aiohttp-dbgsym" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.9.1-1ubuntu0.1", "binary_name": "python-aiohttp-doc" }, { "binary_version": "3.9.1-1ubuntu0.1", "binary_name": "python3-aiohttp" }, { "binary_version": "3.9.1-1ubuntu0.1", "binary_name": "python3-aiohttp-dbgsym" } ] }