Lucene search
K

214 matches found

OpenVAS
OpenVAS
added 2024/05/07 12:0 a.m.18 views

aiohttp < 3.8.0 Security Vulnerability - Linux

aiohttp is prone to a security vulnerability regarding the inconsistent interpretation of the http protocol. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

6.5CVSS6.5AI score0.00827EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2024/05/03 5:29 p.m.5 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43116 more potentially affected by CVE-2024-30251 via aiohttp (>=0.13.1 <=3.9.3)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-30251 Source advisory: OSV:GHSA-5M98-QGG9-WH84...

7.5CVSS6.7AI score0.01085EPSS
Exploits0
OSV
OSV
added 2024/05/03 5:29 p.m.3 views

GHSA-5M98-QGG9-WH84 aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests

Summary An attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. Impact An attacker can stop the application from serving requests after sending a single...

7.5CVSS6.8AI score0.01085EPSS
Exploits0References8
OSV
OSV
added 2024/05/02 2:15 p.m.8 views

AZL-43365 CVE-2024-30251 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

7.5CVSS6.6AI score0.01085EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/04/27 1:21 p.m.652 views

Exploit for Path Traversal in Aiohttp

poc-cve-2024-23334 This repository contains a proof of concept...

7.5CVSS7.6AI score0.76875EPSS
Exploits15
OSV
OSV
added 2024/04/18 3:15 p.m.2 views

DEBIAN-CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1CVSS6.8AI score0.00666EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/04/18 1:45 p.m.7 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43116 more potentially affected by CVE-2024-27306 via aiohttp (>=0.13.1 <=3.9.3)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-27306 Source advisory: OSV:GHSA-7GPW-8WMC-PM8G...

6.1CVSS6.8AI score0.00666EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/04/18 1:56 a.m.4 views

python-aiohttp: HTTP request smuggling via llhttp HTTP request parser

A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTPS request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting...

7.5CVSS7AI score0.01422EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/04/18 1:56 a.m.3 views

python-aiohttp: numerous issues in HTTP parser with header parsing

An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests...

7.5CVSS7.1AI score0.0085EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.3 views

aiohttp 跨站脚本漏洞

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A cross-site scripting vulnerability exists in aiohttp versions prior to 3.9.4, which stems from the use of web.static... , showindex=True, the generated index page does not escape filenames, leaving the...

6.1CVSS6.2AI score0.00666EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/03/27 1:22 p.m.9 views

python-aiohttp: http request smuggling

An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...

6.5CVSS7.1AI score0.0102EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/02/29 7:47 p.m.3 views

aiohttp: CRLF injection if user controls the HTTP method using aiohttp client

A flaw was found in Aiohttp. This issue may allow an attacker to send a crafted HTTP request to the server and smuggle arbitrary HTTP headers due to improper validation of HTTP requests during the processing of the HTTP request method. By exploiting this flaw, an attacker can manipulate HTTP...

5.3CVSS7.2AI score0.0094EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2024/01/29 11:15 p.m.8 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43051 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)

aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23334 Source advisory: OSV:PYSEC-2024-24...

7.5CVSS6.7AI score0.76875EPSS
Exploits15
vulnersOsv
vulnersOsv
added 2024/01/29 11:15 p.m.13 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43060 more potentially affected by CVE-2024-23829 via aiohttp (>=0.13.1 <=3.9.1)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23829 Source advisory: OSV:PYSEC-2024-26...

6.5CVSS6.5AI score0.0102EPSS
Exploits1
OSV
OSV
added 2024/01/29 11:15 p.m.12 views

PYSEC-2024-26

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

6.5CVSS6.8AI score0.0102EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2024/01/29 10:31 p.m.13 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43051 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)

aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23334 Source advisory: OSV:GHSA-5H86-8MV2-JQ9F...

7.5CVSS6.7AI score0.76875EPSS
Exploits15
vulnersOsv
vulnersOsv
added 2024/01/29 10:30 p.m.8 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43060 more potentially affected by CVE-2024-23829 via aiohttp (>=0.13.1 <=3.9.1)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23829 Source advisory: OSV:GHSA-8QPW-XQXJ-H4R2...

6.5CVSS6.5AI score0.0102EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.4 views

PT-2024-1488 · Pypi +6 · Aiohttp +6

Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.2 Description: The issue is related to the Python HTTP parser in aiohttp, which has minor differences in allowable character sets. This could trigger error handling and assist in request smuggling, depending on t...

7.5CVSS5.8AI score0.76875EPSS
Exploits21References85
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.2 views

aiohttp path traversal vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A path traversal vulnerability exists in aiohttp versions prior to 3.9.2, which stems from the fact that when followsymlinks is set to True, no checks are made to see if the file being read is located in t...

7.5CVSS6.7AI score0.76875EPSS
Exploits15References5
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.6 views

PT-2024-1487

Name of the Vulnerable Software and Affected Versions aiohttp versions prior to 3.9.2 python3-aiohttp versions prior to 3.6.2-1ubuntu1+esm3 python3-module-aiohttp versions prior to 3.9.5-alt1 python310-aiohttp versions prior to 3.9.3-1.1 Description aiohttp is an asynchronous HTTP client/server...

8.2CVSS7.2AI score0.76875EPSS
Exploits16References121
Rows per page
Query Builder