Lucene search

1100 matches found

PyPA
added 2022/06/23 5:15 p.m. · 5 views

PYSEC-2022-43059

AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handling in the...

5.5 CVSS · 6.8 AI score · 0.00252 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/06/23 5:15 p.m. · 0 views

PYSEC-2022-43059

AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handling in the...

5.5 CVSS · 5.9 AI score
Exploits 0 · References 1
CNNVD
added 2022/06/23 12:0 a.m. · 1 views

aiohttp security vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. aiohttp version v3.8.1 has a denial of service vulnerability that stems from failure to properly handle incoming error messages, which could be exploited by an attacker to cause a denial of service of the...

5.5 CVSS · 5.7 AI score · 0.00252 EPSS
Exploits 1 · References 2
Cvelist
added 2022/06/22 7:44 p.m. · 15 views

CVE-2022-33124

AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handling in the...

5.6 AI score · 0.00252 EPSS
Exploits 1 · References 1
CVE
added 2022/06/22 7:44 p.m. · 117 views

CVE-2022-33124

CVE-2022-33124 (aiohttp 3.8.1): A denial of service can occur via an invalid IPv6 URL that triggers a ValueError, as reported in multiple sources. The IBM Cloud Pak for Watson AIOps bulletin lists CVE-2022-33124 with a CVSS base score of 5.5 (3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) and notes tha...

5.5 CVSS · 5.2 AI score · 0.00252 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2022/06/22 12:0 a.m. · 3 views

PT-2022-21701 · Aiohttp · Aiohttp

Name of the Vulnerable Software and Affected Versions: AIOHTTP version 3.8.1. Description: The issue concerns a potential Denial of Service (DoS) due to an invalid IPv6 URL, which can lead to a "ValueError: Invalid IPv6 URL" outcome. However, multiple third parties dispute this issue, citing a lack ...

5.5 CVSS · 6.7 AI score · 0.00252 EPSS
Exploits 1 · References 8
Ubuntu
added 2022/04/21 1:20 p.m. · 71 views

USN-5386-1: AIOHTTP vulnerability

Jelmer Vernooij and Beast Glatisant discovered that AIOHTTP incorrectly handled certain URLs, leading to an open redirect attack. A remote attacker could possibly use this issue to perform phishing attacks...

6.1 CVSS · 7.1 AI score · 0.00494 EPSS
Exploits 0
OSV
added 2022/04/21 1:20 p.m. · 0 views

USN-5386-1 python-aiohttp vulnerability

Jelmer Vernooij and Beast Glatisant discovered that AIOHTTP incorrectly handled certain URLs, leading to an open redirect attack. A remote attacker could possibly use this issue to perform phishing attacks...

6.1 CVSS · 6.9 AI score · 0.00494 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2022/03/16 12:0 a.m. · 14 views

AIOHTTP < 3.7.4 Open Redirect Vulnerability

According to its self-reported version, the AIOHTTP server hosted on the remote host is prior to version 3.7.4. It is, therefore, affected by an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the client's browser to a different website. Note th...

6.1 CVSS · 7.2 AI score · 0.00494 EPSS
Exploits 0 · References 2
Kitploit
added 2022/02/26 11:30 a.m. · 26 views

NTLMRecon - Enumerate Information From NTLM Authentication Enabled Web Endpoints

A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains. NTLMRecon is built with flexibility in mind. Need to run recon on a single URL, an IP address, an...

6.9 AI score
Exploits 0 · References 4
OpenVAS
added 2022/01/28 12:0 a.m. · 20 views

Mageia: Security Advisory (MGASA-2021-0161)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS · 6.6 AI score · 0.00494 EPSS
Exploits 0 · References 5
vulnersOsv
added 2022/01/25 9:15 a.m. · 1 views

aiohttp-init (=0.0.1), airhttprunner (>=3.1.4 <=3.1.6) +152 more potentially affected by CVE-2022-0338 via loguru (>=0.2.4 <=0.5.2)

loguru PYPI version =0.2.4, =3.1.4, =0.1.5, =0.1.1, =2.0.0, =0.2.3, =4.6.4, =2.3.2, =0.39.0, =0.52.0 and more Source cves: CVE-2022-0338 Source advisory: OSV:PYSEC-2022-14...

4.3 CVSS · 5.8 AI score · 0.00248 EPSS
Exploits 1
Redos
added 2021/12/24 12:0 a.m. · 31 views

ROS-2-435

2.435 Open redirect in aiohttp CVE-2021-21330 1. Vulnerability Description: Vulnerability allows cross-site scripting and bypass of security restrictions. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01528 2. Possible measures to eliminate the...

6.5 AI score · 0.00494 EPSS
Exploits 0
IBM Security Bulletins
added 2021/10/01 6:21 a.m. · 27 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python aiohttp

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python aiohttp. Vulnerability Details: CVEID: CVE-2021-21330 DESCRIPTION: AIOHTTP could allow a remote attacker to conduct phishing attacks, caused by a bug in the aiohttp.web_middlewares.normalize_path_middlewar...

6.1 CVSS · 1.1 AI score · 0.00494 EPSS
Exploits 0 · Affected Software 1
Redos
added 2021/09/08 12:0 a.m. · 32 views

ROS-2-792

2.792 Open redirect in aiohttp CVE-2021-21330 1. Vulnerability Description: Vulnerability allows cross-site scripting and bypass of security restrictions. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01528 2. Possible measures to eliminate the...

6.1 CVSS · 6.8 AI score · 0.00494 EPSS
Exploits 0
OpenVAS
added 2021/06/09 12:0 a.m. · 13 views

SUSE: Security Advisory (SUSE-SU-2021:1313-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS · 6.4 AI score · 0.00494 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2021/06/04 12:0 a.m. · 26 views

FreeBSD : aiohttp -- open redirect vulnerability (3000acee-c45d-11eb-904f-14dae9d5a9d2)

Sviatoslav Sydorenko reports: Open redirect vulnerability -- a maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the aiohttp.web_middlewares.normalize_path_middleware middleware. %NASLMINLEVEL 70300 C Tenable Network...

6.1 CVSS · 6.9 AI score · 0.00494 EPSS
Exploits 0 · References 3
OpenVAS
added 2021/05/27 12:0 a.m. · 16 views

Fedora: Security Advisory for python-databases (FEDORA-2021-e7fabd81fb)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 7.6 AI score · 0.00066 EPSS
Exploits 0 · References 2
OSV
added 2021/04/26 7:12 a.m. · 5 views

SUSE-SU-2021:1313-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2021-21330: Fixed the way pure-Python HTTP parser interprets // (bsc#1184745)...

6.1 CVSS · 6.6 AI score · 0.00494 EPSS
Exploits 0 · References 3
OSV
added 2021/03/30 8:8 p.m. · 5 views

MGASA-2021-0161 Updated python-aiohttp package fixes security vulnerability

Beast Glatisant and Jelmer Vernooij reported that python-aiohttp is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website (CVE-2021-21330)...

6.1 CVSS · 6.4 AI score · 0.00494 EPSS
Exploits 0 · References 4