Verified — aiohttp static file directory traversal via follow_symlinks
Severity HIGH
Confidence HIGH
Reproduced in 11m 4s
Tool calls 69
Spend $1.88
Affected >= 1.0.5, < 3.9.2
Fixed in 3.9.2
$
pruva-verify REPRO-2026-00199 or
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00199/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh Run in a VM or disposable container. This exploits a real vulnerability.
Improper validation of static file paths in aiohttp’s web.static() handler allows directory traversal when follow_symlinks=True, enabling attackers to read arbitrary files outside the static root. The issue is fixed in aiohttp 3.9.2.
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.
bundle/repro/runtime_manifest.json4.0 KBbundle/repro/validation_verdict.json0.7 KBbundle/ticket.json3.5 KBbundle/ticket.md3.0 KBbundle/logs/uv_venv_3.9.1.log0.2 KBbundle/logs/uv_pip_3.9.2.log0.6 KBbundle/logs/fixed_1.log1.7 KBbundle/logs/vulnerable_1.log1.5 KBbundle/logs/pip_install_3.9.2.log0.0 KBbundle/logs/fixed_2.log1.7 KBbundle/logs/uv_install.log0.0 KBbundle/logs/reproduction_steps.log14.2 KBbundle/logs/uv_venv_3.9.2.log0.2 KBbundle/logs/pip_install_3.9.1.log0.0 KBbundle/logs/uv_pip_3.9.1.log0.6 KBbundle/logs/vulnerable_2.log1.5 KBbundle/repro/reproduction_steps.sh31.2 KBbundle/repro/rca_report.md4.6 KBbundle/repro/artifacts/http/fixed_1/health_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_1/leak_method.txt0.0 KBbundle/repro/artifacts/http/fixed_1/m1_headers.txt0.2 KBbundle/repro/artifacts/http/fixed_1/m1_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_1/m2_headers.txt0.2 KBbundle/repro/artifacts/http/fixed_1/m2_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_1/m3_headers.txt0.2 KBbundle/repro/artifacts/http/fixed_1/m3_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_1/m4_headers.txt0.2 KBbundle/repro/artifacts/http/fixed_1/m4_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_1/result.txt0.0 KBbundle/repro/artifacts/http/fixed_1/version.txt0.0 KBbundle/repro/artifacts/http/fixed_2/health_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_2/leak_method.txt0.0 KBbundle/repro/artifacts/http/fixed_2/m1_headers.txt0.2 KBbundle/repro/artifacts/http/fixed_2/m1_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_2/m2_headers.txt0.2 KBbundle/repro/artifacts/http/fixed_2/m2_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_2/m3_headers.txt0.2 KBbundle/repro/artifacts/http/fixed_2/m3_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_2/m4_headers.txt0.2 KBbundle/repro/artifacts/http/fixed_2/m4_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_2/result.txt0.0 KBbundle/repro/artifacts/http/fixed_2/version.txt0.0 KBbundle/repro/artifacts/http/vulnerable_1/health_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_1/leak_method.txt0.0 KBbundle/repro/artifacts/http/vulnerable_1/m1_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_1/m1_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_1/m2_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_1/m2_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_1/m3_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_1/m3_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_1/m4_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_1/m4_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_1/proof_leak.txt0.0 KBbundle/repro/artifacts/http/vulnerable_1/proof_leak_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_1/result.txt0.0 KBbundle/repro/artifacts/http/vulnerable_1/version.txt0.0 KBbundle/repro/artifacts/http/vulnerable_2/health_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_2/leak_method.txt0.0 KBbundle/repro/artifacts/http/vulnerable_2/m1_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_2/m1_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_2/m2_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_2/m2_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_2/m3_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_2/m3_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_2/m4_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_2/m4_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_2/proof_leak.txt0.0 KBbundle/repro/artifacts/http/vulnerable_2/proof_leak_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_2/result.txt0.0 KBbundle/repro/artifacts/http/vulnerable_2/version.txt0.0 KBbundle/repro/artifacts/source_diff.txt2.3 KBbundle/repro/artifacts/http/fixed_1/m5_headers.txt0.2 KBbundle/repro/artifacts/http/fixed_1/m5_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_1/runtime_versions.txt1.3 KBbundle/repro/artifacts/http/fixed_2/m5_headers.txt0.2 KBbundle/repro/artifacts/http/fixed_2/m5_resp.txt0.0 KBbundle/repro/artifacts/http/fixed_2/runtime_versions.txt1.3 KBbundle/repro/artifacts/http/vulnerable_1/m5_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_1/m5_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_1/runtime_versions.txt1.3 KBbundle/repro/artifacts/http/vulnerable_2/m5_headers.txt0.2 KBbundle/repro/artifacts/http/vulnerable_2/m5_resp.txt0.0 KBbundle/repro/artifacts/http/vulnerable_2/runtime_versions.txt1.3 KB