OESA-2025-1047 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain...
OESA-2025-1046 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain...
OESA-2025-1045 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain...
aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
A flaw was found in the aiohttp package. The Python parser parses newlines in chunk extensions incorrectly, which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed, for example, without the usual C extensions, or...
ROS-20250114-01
HTTP client aiohttp vulnerability is related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability of HTTP client aiohttp is related to a symbolic link issue in...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334-PoC A proof of concept of the path travers...
SUSE SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:4396-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4396-1 advisory. - CVE-2024-27306: filenames and paths not escaped when generating index pages for static file handling. bsc1223098 Tenable has...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2024-27306: filenames and paths not escaped when generating index pages for static file handling. bsc1223098 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...
SUSE-SU-2024:4396-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2024-27306: filenames and paths not escaped when generating index pages for static file handling. bsc1223098...
aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
A flaw was found in the aiohttp package. The Python parser parses newlines in chunk extensions incorrectly, which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed, for example, without the usual C extensions, or...
SUSE CVE-2024-30251
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
SUSE: Security Advisory (SUSE-SU-2024:4327-1)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:4327-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:4327-1 advisory. - CVE-2024-30251: Fixed infinite loop on specially crafted POST request bsc1223726. Tenable has extracted...
SUSE SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:4328-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4328-1 advisory. - CVE-2024-30251: Fixed infinite loop on specially crafted POST request bsc1223726. Tenable has extracted the preceding...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2024-30251: Fixed infinite loop on specially crafted POST request bsc1223726. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...
SUSE-SU-2024:4328-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2024-30251: Fixed infinite loop on specially crafted POST request bsc1223726...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2024-30251: Fixed infinite loop on specially crafted POST request bsc1223726. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...
SUSE-SU-2024:4327-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2024-30251: Fixed infinite loop on specially crafted POST request bsc1223726...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:4077-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:4077-1 advisory. - CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions bsc1233447 Tenable...
Debian: Security Advisory (DSA-5828-1)
The remote host is missing an update for the Debian...