Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, a
async HTTP client/server framework, is prone to an open redirect
vulnerability. A maliciously crafted link to an aiohttp-based web-server
could redirect the browser to a different website.
For the stable distribution (buster), this problem has been fixed in
We recommend that you upgrade your python-aiohttp packages.