In the rapidly changing world of cybersecurity, cyber threats are a persistent nuisance and ransomware is a constant menace. In a recent incident, cybersecurity firm Cyble found a serious vulnerability that threat actors are exploiting to gain unauthenticated remote access to sensitive data in server files. Let’s take a look at this concerning issue.
The Aiohttp Library Vulnerability
At the core of this story lies the Aiohttp Python library, a popular asynchronous web framework used to build web apps and APIs. Sadly, a bug in the library has allowed hackers to break in.
How does the vulnerability work?
The vulnerability, known as CVE-2024-23334, is a “directory traversal vulnerability.” In other words, it lets unauthorized remote actors obtain files from a server that they are not permitted to access.
This is how the vulnerability works:
1. Not enough Proper Validation: When setting routes for server files, Aiohttp is unable to execute
[…]
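The kind of validation a file-serving route needs, shown as an added example that is not Aiohttp's code and not from the original article. The function names and the directory layout are hypothetical, and only the Python standard library is used.

```python
import tempfile
from pathlib import Path


def naive_lookup(root: Path, requested: str) -> Path:
    """Weak form: joins the request onto the root with no containment check."""
    return (root / requested).resolve()


def contained_lookup(root: Path, requested: str) -> Path:
    """Hardened form: resolve '..' and symlinks, then require the result
    to still sit inside the static root before it is served."""
    root = root.resolve()
    target = (root / requested).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise PermissionError(f"{requested!r} resolves outside the static root")
    return target


def demo() -> dict:
    """Build a constructed directory tree and compare both lookups."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "static"
        root.mkdir()
        (root / "app.css").write_text("body{}")
        # Constructed file that lives outside the static root.
        (base / "settings.ini").write_text("constructed sample, not real data")
        requested = "../settings.ini"  # constructed request path
        results = {
            "naive_escapes_root": naive_lookup(root, requested) == base / "settings.ini",
            "contained_serves_css": contained_lookup(root, "app.css") == root / "app.css",
        }
        try:
            contained_lookup(root, requested)
            results["contained_blocks"] = False
        except PermissionError:
            results["contained_blocks"] = True
        return results


if __name__ == "__main__":
    print(demo())
```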