A proof of concept of the path traversal vulnerability in the python AioHTTP library =< 3.9.1
make sure to find a valid public facing directory such as "/static/" or "/assets/"
Once you find it, go in main.py and replace the /static/ string with the one you found.