Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
Vulnerability Description
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4.
CVSS Information
N/A
Vulnerability Type
绝对路径遍历
Vulnerability Title
aiohttp 代码问题漏洞
Vulnerability Description
aiohttp是aio-libs开源的一个开源的用于 asyncio 和 Python 的异步 HTTP 客户端/服务器框架。 AIOHTTP 3.13.4之前版本存在代码问题漏洞,该漏洞源于在Windows上,静态资源处理程序可能泄露NTLMv2远程路径信息。
CVSS Information
N/A
Vulnerability Type
N/A