DEBIAN-CVE-2021-21330
- Source
- https://security-tracker.debian.org/tracker/CVE-2021-21330
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-21330.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-21330
- Upstream
- Published
- 2021-02-26T03:15:12Z
- Modified
- 2025-09-25T02:28:04.634985Z
- Summary
- [none]
- Details
-
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the
aiohttp.web_middlewares.normalize_path_middlewaremiddleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid usingaiohttp.web_middlewares.normalize_path_middlewarein your applications. - References
Affected packages
Debian:11 / python-aiohttp
Package
- Name
- python-aiohttp
- Purl
- pkg:deb/debian/python-aiohttp?arch=source
Debian:12 / python-aiohttp
Package
- Name
- python-aiohttp
- Purl
- pkg:deb/debian/python-aiohttp?arch=source
Debian:13 / python-aiohttp
Package
- Name
- python-aiohttp
- Purl
- pkg:deb/debian/python-aiohttp?arch=source
Debian:14 / python-aiohttp
Package
- Name
- python-aiohttp
- Purl
- pkg:deb/debian/python-aiohttp?arch=source