aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade. https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397 https://github.com/aio-libs/aiohttp/pull/8319 https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
Created python-aiohttp tracking bugs for this issue: Affects: epel-all [bug 2275990] Affects: fedora-all [bug 2275991]
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.4 for RHEL 9 Red Hat Ansible Automation Platform 2.4 for RHEL 8 Via RHSA-2024:3781 https://access.redhat.com/errata/RHSA-2024:3781
This issue has been addressed in the following products: Red Hat Satellite 6.15 for RHEL 8 Via RHSA-2024:5662 https://access.redhat.com/errata/RHSA-2024:5662