eliott/browser-use
1
0
Fork 0
mirror of https://github.com/browser-use/browser-use synced 2026-04-22 17:45:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Bump aiohttp 3.13.3 -> 3.13.4 to patch CVE-2026-34515

Browse Source 
GHSA-p998-jp59-783m: aiohttp's static resource handler on Windows
can leak NTLMv2 credentials via UNC path traversal. Fixed in 3.13.4.

browser-use only uses aiohttp as a client (local CDP polling in
watchdogs/local_browser_watchdog.py, plus examples) — no web.Application
or add_static — so the vuln is not reachable here. Bump is prophylactic
to clear the Dependabot alert.
This commit is contained in:
Saurav Panda
2026-04-20 18:52:26 -07:00
parent 66e577d8b6
commit 8e9c3488de
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pyproject.toml
View File

@@ -11,7 +11,7 @@ classifiers = [
"Operating System :: OS Independent", "Operating System :: OS Independent",
] ]
dependencies = [ dependencies = [
"aiohttp==3.13.3", "aiohttp==3.13.4",
"anyio==4.12.1", "anyio==4.12.1",
"bubus==1.5.6", "bubus==1.5.6",
"click==8.3.1", "click==8.3.1",