aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable show_index if unable to upgrade.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "3.8.1-4ubuntu0.2+esm1", "binary_name": "python-aiohttp-doc" }, { "binary_version": "3.8.1-4ubuntu0.2+esm1", "binary_name": "python3-aiohttp" }, { "binary_version": "3.8.1-4ubuntu0.2+esm1", "binary_name": "python3-aiohttp-dbgsym" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "3.9.1-1ubuntu0.1+esm1", "binary_name": "python-aiohttp-doc" }, { "binary_version": "3.9.1-1ubuntu0.1+esm1", "binary_name": "python3-aiohttp" }, { "binary_version": "3.9.1-1ubuntu0.1+esm1", "binary_name": "python3-aiohttp-dbgsym" } ] }