From 5d19ea5e28ae9a55ef1f33ea820f813bf26a7e57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jelmer=20Vernoo=C4=B3?=
Date: Wed, 10 Feb 2021 04:33:11 +0000
Subject: [PATCH] Prevent open redirects from normalize_path_middleware.
---
 CHANGES/openredirects.bugfix | 1 +
 aiohttp/web_middlewares.py | 4 ++--
 2 files changed, 7 insertions(+), 8 deletions(-)
 create mode 100644 CHANGES/openredirects.bugfix
--- /dev/null
+++ b/CHANGES/openredirects.bugfix
@@ -0,0 +1 @@
+Prevent open redirects from normalize_path_middleware.
--- a/aiohttp/web_middlewares.py
+++ b/aiohttp/web_middlewares.py
@@ -101,6 +101,7 @@ def normalize_path_middleware(
 paths_to_check.append(merged_slashes[:-1])
 for path in paths_to_check:
+ path = re.sub("^//+", "/", path) # SECURITY: GHSA-v6wp-4m6f-gcjg
 resolves, request = await _check_request_resolves(
 request, path)
 if resolves:
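Review bot: The added `re.sub` collapses a leading run of slashes so the redirect target cannot be emitted as a protocol-relative URL, but the trailing comment only cites the advisory, and a maintainer reading `path = re.sub("^//+", "/", path)` should not have to look it up; spell out the reason: `# SECURITY: collapse leading slashes so the redirect Location cannot be protocol-relative (GHSA-v6wp-4m6f-gcjg)`. The hunk shows no `import re`, and the diffstat lists 4 changed lines for aiohttp/web_middlewares.py while only one added line is visible here, so this patch is probably truncated; confirm the import is present in the file. No regression test accompanies the fix — a test issuing a request for a path beginning with `//` through the middleware and asserting the resulting Location header is a same-origin path would pin the behavior. normalize_path_middleware starts and ends outside the hunk.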