Critical Bug in aiohttp: Ransomware Attackers On A Roll

Critical Bug in aiohttp: Ransomware Attackers On A Roll

In the rapidly changing world of cybersecurity, cyber threats have been a nuisance and Ransomware is a constant menace. In a recent incident, cybersecurity firm Cyble found a serious vulnerability that threat actors are exploiting to get unauthenticated remote access to sensitive data from server files. Let’s take a look into the concerning issue.

The Aiohttp Library Vulnerability

At the core of this story lies the Aiohttp Python library, a famous web synchronous framework that makes web apps and APIs. Sadly, a bug in the library has allowed hackers to break in. 

How does the vulnerability work?

The vulnerability, known as CVE-2024-23334 is a “directory traversal vulnerability.” In other words, it lets unauthorized remote actors obtain files from a server they aren’t ethically allowed to. 

This is how the vulnerability works:

1. Not enough Proper Validation: When setting routes for server files, Aiohttp is unable to execute

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: