aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
A bug in aiohttp.web_middlewares.normalize_path_middleware creates an open redirect vulnerability.
An attacker use this vulnerability to craft a link that, while appearing to be a link to an aiohttp-based website, redirects users to an arbitrary attacker-controlled URL.
There is no known workaround at this time.
All aiohttp users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/aiohttp-3.7.4"