1086 matches found
AZL-73497 CVE-2025-69224 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...
CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
AZL-73503 CVE-2025-69226 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
AZL-73526 CVE-2025-69226 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
CVE-2025-69224
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...
UBUNTU-CVE-2025-69224
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...
CVE-2025-69224
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...
CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
UBUNTU-CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
Logging of Excessive Data
Overview Affected versions of this package are vulnerable to Logging of Excessive Data via the cookies attribute. An attacker can generate excessive warning-level log entries by sending specially crafted Cookie headers. Remediation Upgrade aiohttp to version 3.13.3 or higher. References - GitHub...
GHSA-FH55-R93G-J68G AIOHTTP Vulnerable to Cookie Parser Warning Storm
Summary Reading multiple invalid cookies can lead to a logging storm. Impact If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header. ---- Patch:...
a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1139 more potentially affected by CVE-2025-69230 via aiohttp (>=3.0.0b0 <=3.13.2)
aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69230 Source advisory: SNYK:PYTHON-AIOHTTP-14872000...
a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1139 more potentially affected by CVE-2025-69229 via aiohttp (>=3.0.0b0 <=3.13.2)
aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69229 Source advisory: SNYK:PYTHON-AIOHTTP-14871954...
AIOHTTP vulnerable to DoS through chunked messages
Summary Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. Impact If an application makes use of the request.read method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU...
GHSA-G84X-MCQJ-X9QQ AIOHTTP vulnerable to DoS through chunked messages
Summary Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. Impact If an application makes use of the request.read method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the request.read method. An attacker can cause the server to consume excessive CPU resources by sending a large number of chunked messages. Details Denial of Service DoS describes ...
EUVD-2026-1044
AIOHTTP vulnerable to denial of service through large payloads...
a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1139 more potentially affected by CVE-2025-69228 via aiohttp (>=3.0.0b0 <=3.13.2)
aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69228 Source advisory: SNYK:PYTHON-AIOHTTP-14871877...
GHSA-6JHG-HG63-JVVF AIOHTTP vulnerable to denial of service through large payloads
Summary A request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing. Impact If an application includes a handler that uses the Request.post method, an attacker may be able to freeze the server by exhausting the memory. ----- Patch:...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Request.post function. An attacker can cause the server to exhaust available memory and become unresponsive. Details Denial of Service DoS describes a family of attacks, all...