MEDIUM 6.4

GHSA-jg22-mg44-37j8

AIOHTTP is Vulnerable to Deserialization of Untrusted Data

Details

### Summary

Using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution.

### Impact

Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications.

### Workaround

If an application does allow attacker controlled files to be loaded, a workaround on older releases would be to sanitise the files before loading.
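One way to do the sanitising mentioned in the workaround, as an added example that is not aiohttp's code or part of the advisory. It assumes the cookie file is a pickle of a `defaultdict` of `SimpleCookie` objects, as written by `CookieJar.save()` on affected releases; `ALLOWED_GLOBALS`, `CookieFileUnpickler`, `load_cookie_file_bytes` and `constructed_samples` are hypothetical names.

```python
import io
import pickle
from collections import defaultdict
from http.cookies import Morsel, SimpleCookie

# Assumption: these are the only globals a legitimate cookie file references.
ALLOWED_GLOBALS = {
    ("collections", "defaultdict"): defaultdict,
    ("http.cookies", "SimpleCookie"): SimpleCookie,
    ("http.cookies", "Morsel"): Morsel,
}


class CookieFileUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        try:
            return ALLOWED_GLOBALS[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(
                f"cookie file references disallowed global {module}.{name}"
            ) from None


def load_cookie_file_bytes(data: bytes) -> defaultdict:
    """Deserialize cookie-file bytes and check the resulting shape."""
    obj = CookieFileUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, defaultdict):
        raise pickle.UnpicklingError("top-level object is not a defaultdict")
    for key, cookie in obj.items():
        if not isinstance(cookie, SimpleCookie):
            raise pickle.UnpicklingError(f"entry {key!r} is not a SimpleCookie")
    return obj


def constructed_samples():
    """Constructed inputs: a well-formed jar and a pickle naming another global."""
    jar = defaultdict(SimpleCookie)
    jar[("example.test", "/")]["session"] = "abc123"
    good = pickle.dumps(jar, pickle.HIGHEST_PROTOCOL)
    foreign = pickle.dumps(len)  # inert: only a reference to builtins.len
    return good, foreign
```

The function returns the decoded mapping rather than a `CookieJar`. If the same path is passed to `CookieJar.load()` afterwards the file is read again, so validate and load from a copy the other party cannot modify.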

-----

Patch: https://github.com/aio-libs/aiohttp/commit/dcf40f30637e8752c76781cf6703b5a236749a00

Affected packages

PyPI / aiohttp
First affected version: 0
Fixed version: 3.14.0
Fix: pip install --upgrade 'aiohttp>=3.14.0'

References