Pypi · Aiohttp · CVE-2021-21330
**Name of the Vulnerable Software and Affected Versions**
aiohttp versions prior to 3.7.4
**Description**
The issue is an open redirect vulnerability in the aiohttp library that can allow a remote attacker to conduct phishing attacks using a specially crafted link. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware.
**Recommendations**
For versions prior to 3.7.4, upgrade your dependency using pip as follows: `pip install "aiohttp>=3.7.4"`. The quotes keep the shell from treating `>` as an output redirection.
If upgrading is not an option, a workaround is to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.
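
The two recommendations can be checked together across a code base. The script below is an added example, not code from the advisory or from the aiohttp project: it reports where `normalize_path_middleware` is imported or referenced, but only when the aiohttp version in use is older than 3.7.4. The function names and the sample sources are constructed for illustration, and the version check compares only the leading numeric part of the version string.

```python
import ast
import re

FIXED = (3, 7, 4)  # first fixed release, per the advisory
MIDDLEWARE = "normalize_path_middleware"

def parse_version(text):
    """Leading numeric release: '3.7.4.post0' -> (3, 7, 4)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    return parse_version(version_text) < FIXED

def middleware_lines(source):
    """Line numbers where the middleware is imported or referenced."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ImportFrom):
            if any(a.name == MIDDLEWARE for a in node.names):
                hits.add(node.lineno)
        elif isinstance(node, ast.Attribute) and node.attr == MIDDLEWARE:
            hits.add(node.lineno)
        elif isinstance(node, ast.Name) and node.id == MIDDLEWARE:
            hits.add(node.lineno)
    return sorted(hits)

def audit(version_text, sources):
    """Map of {filename: source}; findings are reported only for affected versions."""
    if not is_affected(version_text):
        return []
    return [(name, line) for name, src in sorted(sources.items())
            for line in middleware_lines(src)]

# Constructed sample sources, not taken from any real project.
SAMPLE = {
    "app.py": "from aiohttp import web\n"
              "app = web.Application(\n"
              "    middlewares=[web.normalize_path_middleware()])\n",
    "health.py": "from aiohttp import web\n"
                 "async def ping(request):\n"
                 "    return web.Response(text='ok')\n",
}

if __name__ == "__main__":
    for version in ("3.7.3", "3.7.4"):  # constructed installed versions
        print(version, audit(version, SAMPLE))
```

Each finding is a `(filename, line)` pair; an empty list means either the version is already fixed or the middleware is not used.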