{"repro_id":"REPRO-2026-00199","version":230,"title":"aiohttp static file directory traversal via follow_symlinks","repro_type":"security","status":"published","severity":"high","cvss_score":8.2,"description":"Improper validation of static file paths in aiohttp’s `web.static()` handler allows directory traversal when the handler is configured with `follow_symlinks=True`, enabling attackers to read arbitrary files outside the configured static root. The issue is fixed in aiohttp 3.9.2.","cve_id":"CVE-2024-23334","cwe_id":"CWE-22 (Path Traversal)","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23334","package":{"name":"aiohttp","ecosystem":"pip","affected_versions":">= 1.0.5, < 3.9.2","fixed_version":"3.9.2"},"reproduced_at":"2026-07-02T05:16:05.618656+00:00","duration_secs":664.0,"tool_calls":69,"handoffs":1,"total_cost_usd":1.87650527,"agent_costs":{"hypothesis_generator":0.0117812,"judge":0.025985549999999996,"repro":1.80079998,"support":0.03793854},"cost_breakdown":{"hypothesis_generator":{"accounts/fireworks/models/glm-5p2":0.0117812},"judge":{"gpt-5.4-mini":0.025985549999999996},"repro":{"accounts/fireworks/routers/glm-5p2-fast":1.80079998},"support":{"accounts/fireworks/routers/glm-5p2-fast":0.03793854}},"quality":{"confidence":"high","idempotent_verified":false,"community_verifications":0},"published_at":"2026-07-02T05:16:06.215507+00:00","retracted":false,"artifacts":[{"path":"bundle/repro/reproduction_steps.sh","filename":"reproduction_steps.sh","size":31997,"category":"reproduction_script"},{"path":"bundle/repro/rca_report.md","filename":"rca_report.md","size":4688,"category":"analysis"},{"path":"bundle/repro/runtime_manifest.json","filename":"runtime_manifest.json","size":4057,"category":"other"},{"path":"bundle/repro/validation_verdict.json","filename":"validation_verdict.json","size":736,"category":"other"},{"path":"bundle/ticket.json","filename":"ticket.json","size":3632,"category":"other"},{"path":"bundle/ticket.md","filename":"ticket.md","size":3106,"category":"ticket"},{"path":"bund
le/logs/uv_venv_3.9.1.log","filename":"uv_venv_3.9.1.log","size":160,"category":"log"},{"path":"bundle/logs/uv_pip_3.9.2.log","filename":"uv_pip_3.9.2.log","size":630,"category":"log"},{"path":"bundle/logs/fixed_1.log","filename":"fixed_1.log","size":1716,"category":"log"},{"path":"bundle/logs/vulnerable_1.log","filename":"vulnerable_1.log","size":1581,"category":"log"},{"path":"bundle/logs/pip_install_3.9.2.log","filename":"pip_install_3.9.2.log","size":0,"category":"log"},{"path":"bundle/logs/fixed_2.log","filename":"fixed_2.log","size":1716,"category":"log"},{"path":"bundle/logs/uv_install.log","filename":"uv_install.log","size":0,"category":"log"},{"path":"bundle/logs/reproduction_steps.log","filename":"reproduction_steps.log","size":14525,"category":"log"},{"path":"bundle/logs/uv_venv_3.9.2.log","filename":"uv_venv_3.9.2.log","size":160,"category":"log"},{"path":"bundle/logs/pip_install_3.9.1.log","filename":"pip_install_3.9.1.log","size":0,"category":"log"},{"path":"bundle/logs/uv_pip_3.9.1.log","filename":"uv_pip_3.9.1.log","size":631,"category":"log"},{"path":"bundle/logs/vulnerable_2.log","filename":"vulnerable_2.log","size":1581,"category":"log"},{"path":"bundle/repro/artifacts/http/fixed_1/health_resp.txt","filename":"health_resp.txt","size":2,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/leak_method.txt","filename":"leak_method.txt","size":1,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/m1_headers.txt","filename":"m1_headers.txt","size":159,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/m1_resp.txt","filename":"m1_resp.txt","size":14,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/m2_headers.txt","filename":"m2_headers.txt","size":159,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/m2_resp.txt","filename":"m2_resp.txt","size":14,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/m3_headers.txt","filename":"m3_headers.txt","size":159,"category":"other"}
,{"path":"bundle/repro/artifacts/http/fixed_1/m3_resp.txt","filename":"m3_resp.txt","size":14,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/m4_headers.txt","filename":"m4_headers.txt","size":159,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/m4_resp.txt","filename":"m4_resp.txt","size":14,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/result.txt","filename":"result.txt","size":8,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/version.txt","filename":"version.txt","size":6,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/health_resp.txt","filename":"health_resp.txt","size":2,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/leak_method.txt","filename":"leak_method.txt","size":1,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/m1_headers.txt","filename":"m1_headers.txt","size":159,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/m1_resp.txt","filename":"m1_resp.txt","size":14,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/m2_headers.txt","filename":"m2_headers.txt","size":159,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/m2_resp.txt","filename":"m2_resp.txt","size":14,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/m3_headers.txt","filename":"m3_headers.txt","size":159,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/m3_resp.txt","filename":"m3_resp.txt","size":14,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/m4_headers.txt","filename":"m4_headers.txt","size":159,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/m4_resp.txt","filename":"m4_resp.txt","size":14,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/result.txt","filename":"result.txt","size":8,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/version.txt","filename":"version.txt","size":6,"category":"other"},{"path":"bundle/repro/artifacts/http/
vulnerable_1/health_resp.txt","filename":"health_resp.txt","size":2,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/leak_method.txt","filename":"leak_method.txt","size":15,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/m1_headers.txt","filename":"m1_headers.txt","size":234,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/m1_resp.txt","filename":"m1_resp.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/m2_headers.txt","filename":"m2_headers.txt","size":234,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/m2_resp.txt","filename":"m2_resp.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/m3_headers.txt","filename":"m3_headers.txt","size":234,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/m3_resp.txt","filename":"m3_resp.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/m4_headers.txt","filename":"m4_headers.txt","size":234,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/m4_resp.txt","filename":"m4_resp.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/proof_leak.txt","filename":"proof_leak.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/proof_leak_headers.txt","filename":"proof_leak_headers.txt","size":234,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/result.txt","filename":"result.txt","size":7,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/version.txt","filename":"version.txt","size":6,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/health_resp.txt","filename":"health_resp.txt","size":2,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/leak_method.txt","filename":"leak_method.txt","size":15,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/m1_headers.txt",
"filename":"m1_headers.txt","size":234,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/m1_resp.txt","filename":"m1_resp.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/m2_headers.txt","filename":"m2_headers.txt","size":234,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/m2_resp.txt","filename":"m2_resp.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/m3_headers.txt","filename":"m3_headers.txt","size":234,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/m3_resp.txt","filename":"m3_resp.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/m4_headers.txt","filename":"m4_headers.txt","size":234,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/m4_resp.txt","filename":"m4_resp.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/proof_leak.txt","filename":"proof_leak.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/proof_leak_headers.txt","filename":"proof_leak_headers.txt","size":234,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/result.txt","filename":"result.txt","size":7,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/version.txt","filename":"version.txt","size":6,"category":"other"},{"path":"bundle/repro/artifacts/source_diff.txt","filename":"source_diff.txt","size":2399,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/m5_headers.txt","filename":"m5_headers.txt","size":178,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/m5_resp.txt","filename":"m5_resp.txt","size":14,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_1/runtime_versions.txt","filename":"runtime_versions.txt","size":1318,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/m5_headers.txt","filename":"m5_headers.txt","size":178,"category":"other"},{
"path":"bundle/repro/artifacts/http/fixed_2/m5_resp.txt","filename":"m5_resp.txt","size":14,"category":"other"},{"path":"bundle/repro/artifacts/http/fixed_2/runtime_versions.txt","filename":"runtime_versions.txt","size":1318,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/m5_headers.txt","filename":"m5_headers.txt","size":253,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/m5_resp.txt","filename":"m5_resp.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_1/runtime_versions.txt","filename":"runtime_versions.txt","size":1318,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/m5_headers.txt","filename":"m5_headers.txt","size":253,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/m5_resp.txt","filename":"m5_resp.txt","size":40,"category":"other"},{"path":"bundle/repro/artifacts/http/vulnerable_2/runtime_versions.txt","filename":"runtime_versions.txt","size":1318,"category":"other"}]}