8 matches found
ROOT-APP-PYPI-CVE-2026-47265 CVE-2026-47265 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-47265 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
OESA-2026-2562 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications.CVE-2026-34993 If a developer uses the cookies parameter on a per-request basis then sensitive data might be...
CVE-2026-47265 vulnerabilities
Vulnerabilities for packages: checkov, airflow, dask-kubernetes, kubeflow-katib, open-webui...
CVE-2026-47265 vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm-cuda-12.9, keep, request-1276, datahub-ingestion, tritonserver-backend-vllm-cuda-13.0, lmcache-cuda-12.8, text-generation-inference, py3-vllm-cuda-12.4, dask-kubernetes-fips, awx, gitlab-cng-fips, litellm, vllm-cuda-13.2, py3-vllm-cuda-13.0,...
CVE-2026-47265
A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. This vulnerability allows a remote attacker to potentially gain access to sensitive information. When a developer uses the cookies parameter on a per-request basis, cookies are sent after following a...
227checkergenerator (>=1.0.0 <=1.0.1), 5mghost-rover (>=0.0.1 <=0.0.3) +1701 more potentially affected by CVE-2026-47265 via aiohttp (>=3.0.0b0 <=3.13.5)
aiohttp PYPI version =3.0.0b0, =1.0.0, =0.0.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.6.0, =0.0.0, =0.0.2, =0.0.3 and more Source cves: CVE-2026-47265 Source advisory: SNYK:PYTHON-AIOHTTP-17146580...
CVE-2026-47265
creationtimestamp| type| source ---|---|--- 2026-06-02 20:44:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndhkudytl24 2026-06-03 23:40:58+00:00| seen| https://gist.github.com/alon710/9df1d7e2f4cb5ed041eded527313ebbc...
CVE-2026-47265
AIOHTTP prior to 3.14.0 is vulnerable: cookies provided via the cookies parameter on per-request calls are sent after following a cross-origin redirect, which may leak sensitive data if an attacker can control the redirect. Version 3.14.0 patches the issue. As a workaround, using a Cookie header ...