
213 matches found

vulnersOsv
added 2023/07/20 2:52 p.m. · 3 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42486 more potentially affected by CVE-2023-37276 via aiohttp (>=0.13.1 <=3.8.4)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-37276 Source advisory: OSV:GHSA-45C4-8WX5-QW6W...

7.5 CVSS · 6.6 AI score · 0.01422 EPSS
Exploits: 1

OSV
added 2023/07/20 2:52 p.m. · 0 views

GHSA-45C4-8WX5-QW6W aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser

Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an...

6.9 CVSS · 6.7 AI score · 0.01422 EPSS
Exploits: 1 · References: 8

OSV
added 2023/07/19 8:15 p.m. · 0 views

UBUNTU-CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

7.5 CVSS · 6.5 AI score · 0.01422 EPSS
Exploits: 1 · References: 6

Positive Technologies
added 2023/07/19 12:0 a.m. · 5 views

PT-2023-4948 · Pypi +3 · Aiohttp +3

Name of the Vulnerable Software and Affected Versions: aiohttp versions 3.8.4 and earlier Description: The issue is related to the handling of HTTP requests in aiohttp, which can lead to HTTP request smuggling when a crafted HTTP request is sent. This affects users of aiohttp as an HTTP server, b...

7.8 CVSS · 6.2 AI score · 0.76875 EPSS
Exploits: 21 · References: 56

CNNVD
added 2023/07/19 12:0 a.m. · 4 views

aiohttp Environment Issue Vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. An environment issue vulnerability exists in aiohttp v3.8.4 and earlier versions that stems from easy HTTP request smuggling through the llhttp HTTP request parser...

7.5 CVSS · 6.4 AI score · 0.01422 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/07/19 12:0 a.m. · 5 views

PT-2023-7418

Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.0 Description: The issue arises from improper validation, allowing an attacker to modify the HTTP request or create a new one if they control the HTTP version. This can lead to CRLF injection and Request Smuggling...

7.2 CVSS · 6.7 AI score · 0.00874 EPSS
Exploits: 1 · References: 73

Veracode
added 2022/06/24 5:6 a.m. · 33 views

Denial Of Service (DoS)

aiohttp is vulnerable to denial of service. An attacker can crash the application by providing invalid IPv6 URLs to the parsemessage function of httpparser.py...

5.5 CVSS · 1.6 AI score · 0.00669 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Tenable Nessus
added 2022/03/16 12:0 a.m. · 14 views

AIOHTTP < 3.7.4 Open Redirect Vulnerability

According to its self-reported version, the AIOHTTP server hosted on the remote host is prior to version 3.7.4. It is, therefore, affected by an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the client's browser to a different website. Note th...

6.1 CVSS · 7.2 AI score · 0.01905 EPSS
Exploits: 0 · References: 2

BDU FSTEC
added 2021/03/22 12:0 a.m. · 6 views

The vulnerability of the aiohttp HTTP client, related to the redirection of URLs to unreliable websites, allows attackers to carry out phishing attacks.

The vulnerability of the aiohttp HTTP client is related to the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a remote attacker to carry out phishing attacks using a specially created link...

5.8 CVSS · 7 AI score · 0.01905 EPSS
Exploits: 0 · References: 15 · Affected Software: 5

PyPA
added 2021/02/26 3:15 a.m. · 11 views

PYSEC-2021-76

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...

6.1 CVSS · 6.7 AI score · 0.01905 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

vulnersOsv
added 2021/02/26 3:15 a.m. · 8 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +41910 more potentially affected by CVE-2021-21330 via aiohttp (>=0.13.1 <=3.7.3)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2021-21330 Source advisory: OSV:PYSEC-2021-76...

6.1 CVSS · 6.6 AI score · 0.01905 EPSS
Exploits: 0

vulnersOsv
added 2021/02/26 2:11 a.m. · 7 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +41910 more potentially affected by CVE-2021-21330 via aiohttp (>=0.13.1 <=3.7.3)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2021-21330 Source advisory: OSV:GHSA-V6WP-4M6F-GCJG...

6.1 CVSS · 6.6 AI score · 0.01905 EPSS
Exploits: 0

CNNVD
added 2021/02/25 12:0 a.m. · 6 views

aiohttp Input Validation Error Vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. An input validation error vulnerability exists in aiohttp versions prior to 3.7.4, which stems from an open redirection vulnerability. Maliciously crafted pointers can redirect the browser to another websi...

6.1 CVSS · 6.9 AI score · 0.01905 EPSS
Exploits: 0 · References: 15