213 matches found
CVE-2026-34514 AIOHTTP: CRLF injection in multipart part content type header construction
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...
CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-22815 via aiohttp (>=3.0.0b0 <=3.13.3)
aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-22815 Source advisory: SNYK:PYTHON-AIOHTTP-15873739...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-22815 via aiohttp (>=0.13.1 <=3.13.3)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-22815 Source advisory: OSV:GHSA-W2FM-2CPV-W7V5...
aiohttp 注入漏洞
Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 had a injection vulnerability. This vulnerability stemmed from the possibility that attackers could control the reason...
aiohttp 代码问题漏洞
Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 contained code vulnerabilities; these vulnerabilities stemmed from the possibility that static resource handlers on Windows...
aiohttp 安全漏洞
Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in aiohttp’s handling of certain multipart fo...
aiohttp 安全漏洞
Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 contained security vulnerabilities; these vulnerabilities stemmed from insufficient handling of headers or trailers, which...
CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...
Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014x8664.manylinux217x8664.manylinux228x8664.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to CVE-2025-12816, CVE-2025-69223, CVE-2025-69224, CVE-2025, CVE-2025-66030,...
aiohttp: AIOHTTP HTTP Request/Response Smuggling
A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTPNOEXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...
Exploit for Path Traversal in Aiohttp
CVE‑2024‑23334 Path Traversal - PoC I created this script t...
Denial Of Service (DoS)
aiohttp is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of POST request bodies when assert statements are bypassed under optimized execution, which allows an attacker to trigger an infinite loop using a specially crafted request and cause a denial of servic...
Denial Of Service (DoS)
aiohttp is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of crafted requests in the Request.post method, which allows an attacker to exhaust server memory and freeze the AIOHTTP server during request processing...
CVE-2025-69226
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. An attacker can exploit a vulnerability in the path normalization logic for static files to determine if specific absolute path components exist on the server. This information disclosure is possible if the...
CVE-2025-69224
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker could exploit this vulnerability by sending requests containing non-ASCII characters to the Python HTTP parser. This could lead to a request smuggling attack, allowing the attacker to bypass...
AZL-73529 CVE-2025-69227 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...
AZL-73532 CVE-2025-69228 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...
AZL-73509 CVE-2025-69228 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...
UBUNTU-CVE-2025-69229
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...