1086 matches found
CVE-2024-52303 aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
aiohttp security vulnerability
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. A security vulnerability exists in aiohttp 3.10.11 and earlier versions, which stems from the Python parser incorrectly parsing line breaks in block extensions, potentially leadin...
aiohttp security vulnerability
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. A security vulnerability exists in aiohttp version 3.10.6 through versions prior to 3.10.11, which stems from the presence of a memory leak, where an attacker may be able to exhau...
PT-2024-8691 · Aiohttp · Aiohttp
Name of the Vulnerable Software and Affected Versions: aiohttp versions 3.10.6 through 3.10.10 Description: A memory leak can occur when a request produces a MatchInfoError. This issue is caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a...
Exploit for Path Traversal in Aiohttp
LFI-aiohttp-CVE-2024-23334-PoC A Bash script to automate Loca...
Fedora 41 : python-aiohttp (2024-c4a71dab58)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c4a71dab58 advisory. Automatic update for python-aiohttp-3.9.5-1.fc41. Changelog Fri Apr 19 2024 Benjamin A. Beasley - 3.9.5-1 - Update to 3.9.5 fix RHBZ2275991, fix CVE-2024-273...
Fedora 41 : llhttp / python-aiohttp (2024-8deaadd998)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8deaadd998 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3. Tenable has extracted the preceding description block...
Exploit for Path Traversal in Aiohttp
Path Traversal PoC CVE-2024-23334 This script is a proof...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 Proof-of-Concept for LFI/Path Traversal vulner...
OESA-2024-2254 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root...
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0 Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the logback receiver component. By sending a specially crafte...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Fedora: Security Advisory (FEDORA-2023-d5bd6b62e4)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2023-ad76deb86e)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2023-f2bb9ee617)
The remote host is missing an update for the...
Security Bulletin: IBM Maximo Application Suite - AI Broker component uses aiohttp-3.9.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component uses aiohttp-3.9.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334-PoC A proof of concept of the LFI vulnerability...
Ubuntu: Security Advisory (USN-6991-1)
The remote host is missing an update for the...
USN-6991-1: AIOHTTP vulnerability
It was discovered that AIOHTTP did not properly restrict file access when the 'follow_symlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system...