CNNVD-202601-806 Information
Jan 05, 2026
cve
CNNVD ID
CNNVD-202601-806
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
aiohttp是aio-libs开源的一个开源的用于 asyncio 和 Python 的异步 HTTP 客户端/服务器框架。 aiohttp 3.13.2及之前版本存在信息泄露漏洞,该漏洞源于路径规范化逻辑可能泄露绝对路径组件信息,可能导致路径遍历攻击。
Description (English)
Aiohttp is an open source of aio-libs open source for asyncio and Python’s walk HTTP client/server framework. Aiohttp 3.13.2 and previous versions contain a leaking loophole, which stems from the fact that path-standardization logic may reveal absolute path component information and may lead to path-to-path attacks.
Hazard Level
High
Vulnerability Type
信息泄露
Affected Vendor
aio-libs
Published
2026-01-05
Last Modified
2026-02-24
References
https://github.com/aio-libs/aio
Patch
https://docs.aiohttp.org/en/stable/
Share on: