214 matches found
aiohttp < 3.8.0 Security Vulnerability - Linux
aiohttp is prone to a security vulnerability regarding the inconsistent interpretation of the http protocol. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43116 more potentially affected by CVE-2024-30251 via aiohttp (>=0.13.1 <=3.9.3)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-30251 Source advisory: OSV:GHSA-5M98-QGG9-WH84...
GHSA-5M98-QGG9-WH84 aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
Summary An attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. Impact An attacker can stop the application from serving requests after sending a single...
AZL-43365 CVE-2024-30251 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
Exploit for Path Traversal in Aiohttp
poc-cve-2024-23334 This repository contains a proof of concept...
DEBIAN-CVE-2024-27306
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43116 more potentially affected by CVE-2024-27306 via aiohttp (>=0.13.1 <=3.9.3)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-27306 Source advisory: OSV:GHSA-7GPW-8WMC-PM8G...
python-aiohttp: HTTP request smuggling via llhttp HTTP request parser
A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTPS request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting...
python-aiohttp: numerous issues in HTTP parser with header parsing
An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests...
aiohttp 跨站脚本漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A cross-site scripting vulnerability exists in aiohttp versions prior to 3.9.4, which stems from the use of web.static... , showindex=True, the generated index page does not escape filenames, leaving the...
python-aiohttp: http request smuggling
An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...
aiohttp: CRLF injection if user controls the HTTP method using aiohttp client
A flaw was found in Aiohttp. This issue may allow an attacker to send a crafted HTTP request to the server and smuggle arbitrary HTTP headers due to improper validation of HTTP requests during the processing of the HTTP request method. By exploiting this flaw, an attacker can manipulate HTTP...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43051 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)
aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23334 Source advisory: OSV:PYSEC-2024-24...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43060 more potentially affected by CVE-2024-23829 via aiohttp (>=0.13.1 <=3.9.1)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23829 Source advisory: OSV:PYSEC-2024-26...
PYSEC-2024-26
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43051 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)
aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23334 Source advisory: OSV:GHSA-5H86-8MV2-JQ9F...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43060 more potentially affected by CVE-2024-23829 via aiohttp (>=0.13.1 <=3.9.1)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23829 Source advisory: OSV:GHSA-8QPW-XQXJ-H4R2...
PT-2024-1488 · Pypi +6 · Aiohttp +6
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.2 Description: The issue is related to the Python HTTP parser in aiohttp, which has minor differences in allowable character sets. This could trigger error handling and assist in request smuggling, depending on t...
aiohttp path traversal vulnerability
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A path traversal vulnerability exists in aiohttp versions prior to 3.9.2, which stems from the fact that when followsymlinks is set to True, no checks are made to see if the file being read is located in t...
PT-2024-1487
Name of the Vulnerable Software and Affected Versions aiohttp versions prior to 3.9.2 python3-aiohttp versions prior to 3.6.2-1ubuntu1+esm3 python3-module-aiohttp versions prior to 3.9.5-alt1 python310-aiohttp versions prior to 3.9.3-1.1 Description aiohttp is an asynchronous HTTP client/server...