The vulnerability of the aiohttp HTTP client arises from insufficient validation of input data, allowing attackers to modify existing HTTP requests or create new ones.
The vulnerability of the aiohttp HTTP client exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to modify existing HTTP requests or create new ones...
SUSE CVE-2023-49081
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
The vulnerability of the aiohttp HTTP client, related to the failure to handle CRLF sequences for line termination, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the aiohttp HTTP client is related to the lack of measures taken to neutralize CRLF sequences. Exploiting this vulnerability allows an attacker, operating remotely, to send hidden HTTP requests (HTTP Request Smuggling attack)...
DEBIAN-CVE-2023-49081
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
aiohttp Security Vulnerabilities
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A security vulnerability exists in aiohttp versions prior to 3.9.0, which stems from incorrect authentication that allows an attacker to modify an HTTP request or create a new HTTP request while the attack...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42731 more potentially affected by CVE-2023-49081 via aiohttp (>=0.13.1 <=3.8.6)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-49081 Source advisory: OSV:GHSA-Q3QX-C6G2-7PW2...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42731 more potentially affected by CVE-2023-49082 via aiohttp (>=0.13.1 <=3.8.6)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-49082 Source advisory: OSV:GHSA-QVRW-V9RV-5RJX...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42537 more potentially affected by unknown CVE via aiohttp (>=0.13.1 <=3.8.5)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PJJW-QHG8-P2P9...
CVE-2023-47627
An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42537 more potentially affected by CVE-2023-47627 via aiohttp (>=0.13.1 <=3.8.5)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-47627 Source advisory: OSV:GHSA-GFW2-4JVH-WGFG...
AZL-44538 CVE-2023-47641 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-Encoding (TE) header...
AZL-43519 CVE-2023-47641 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-Encoding (TE) header...
DEBIAN-CVE-2023-47641
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-Encoding (TE) header...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42537 more potentially affected by CVE-2023-47627 via aiohttp (>=0.13.1 <=3.8.5)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-47627 Source advisory: OSV:PYSEC-2023-246...
PYSEC-2023-247
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-Encoding (TE) header...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42130 more potentially affected by CVE-2023-47641 via aiohttp (>=0.13.1 <=3.7.4.post0)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-47641 Source advisory: OSV:PYSEC-2023-247...
UBUNTU-CVE-2023-47641
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-Encoding (TE) header...
aiohttp Security Vulnerabilities
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A security vulnerability exists in aiohttp versions prior to 3.8.6, which stems from a number of problems with the HTTP parser's header parsing that could lead to request smuggling...
PT-2023-7245
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.0. Description: The issue is related to improper validation in the aiohttp HTTP client/server framework, allowing an attacker to modify the HTTP request or create a new one if they control the HTTP method. This can...
The vulnerability of the aiohttp HTTP client, related to deficiencies in HTTP request processing, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the aiohttp HTTP client is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests (a type of HTTP Request Smuggling attack)...