1086 matches found

RedHat Linux
added 2024/02/29 7:47 p.m. | 2 views

aiohttp: CRLF injection if user controls the HTTP method using aiohttp client

A flaw was found in Aiohttp. This issue may allow an attacker to send a crafted HTTP request to the server and smuggle arbitrary HTTP headers due to improper validation of HTTP requests during the processing of the HTTP request method. By exploiting this flaw, an attacker can manipulate HTTP...

CVSS 5.3 | AI score 7.2 | EPSS 0.00228
Exploits: 1 | References: 5

RedHat Linux
added 2024/02/29 7:47 p.m. | 0 views

aiohttp: HTTP request modification

A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts...

CVSS 7.2 | AI score 7.2 | EPSS 0.0047
Exploits: 1 | References: 5

RedHat Linux
added 2024/02/29 7:47 p.m. | 0 views

python-aiohttp: numerous issues in HTTP parser with header parsing

An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests...

CVSS 7.5 | AI score 7.1 | EPSS 0.00215
Exploits: 1 | References: 5

GithubExploit
added 2024/02/28 10:30 p.m. | 488 views

Exploit for Path Traversal in Aiohttp

CVE-2024-23334: review of someone else's exploit. Review an exploit publis...

CVSS 7.5 | AI score 7.6 | EPSS 0.93602
Exploits: 15

Tenable Nessus
added 2024/02/22 12:00 a.m. | 37 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp, python-time-machine (SUSE-SU-2024:0577-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0577-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parse...

CVSS 7.5 | AI score 7.5 | EPSS 0.93602
Exploits: 18 | References: 14

OpenVAS
added 2024/02/22 12:00 a.m. | 27 views

SUSE: Security Advisory (SUSE-SU-2024:0577-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 6.2 | EPSS 0.93602
Exploits: 20 | References: 9

OSV
added 2024/02/21 10:43 a.m. | 9 views

SUSE-SU-2024:0577-1 Security update for python-aiohttp, python-time-machine

This update for python-aiohttp, python-time-machine fixes the following issues: python-aiohttp was updated to version 3.9.3. Fixed backwards compatibility breakage in 3.9.2 of ssl parameter when set outside of ClientSession (e.g. directly in TCPConnector). Improved test suite handling of paths and...

CVSS 7.5 | AI score 6.7 | EPSS 0.93602
Exploits: 18 | References: 10

Tenable Nessus
added 2024/02/08 12:00 a.m. | 35 views

Fedora 38 : python-aiohttp (2024-0ddda4c691)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-0ddda4c691 advisory. Security update for CVE-2024-23334 and CVE-2024-23829 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2...

CVSS 7.5 | AI score 7.3 | EPSS 0.93602
Exploits: 16 | References: 3

Tenable Nessus
added 2024/02/05 12:00 a.m. | 36 views

Fedora 39 : python-aiohttp (2024-f249b74f03)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f249b74f03 advisory. Security update for CVE-2024-23334 and CVE-2024-23829 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2...

CVSS 7.5 | AI score 7.3 | EPSS 0.93602
Exploits: 16 | References: 3

SUSE CVE
added 2024/01/31 2:54 a.m. | 1 view

SUSE CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symboli...

CVSS 5.9 | AI score 6.8 | EPSS 0.93602
Exploits: 15 | References: 4

SUSE CVE
added 2024/01/31 2:54 a.m. | 1 view

SUSE CVE-2024-23829

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

CVSS 5.3 | AI score 8.5 | EPSS 0.00488
Exploits: 1 | References: 4

RedhatCVE
added 2024/01/30 11:02 a.m. | 34 views

CVE-2024-23829

An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...

CVSS 6.5 | AI score 7.1 | EPSS 0.00488
Exploits: 1 | References: 4

Veracode
added 2024/01/30 10:19 a.m. | 32 views

Request Smuggling

aiohttp is vulnerable to Request Smuggling. The vulnerability is caused due to improper parsing of HTTP requests within http_parser.py. This flaw results in excessive resource consumption on the application server, resulting in Denial of Service (DoS) and/or Request Smuggling...

CVSS 6.5 | AI score 6.7 | EPSS 0.00488
Exploits: 1 | References: 7 | Affected Software: 2

RedhatCVE
added 2024/01/30 9:21 a.m. | 33 views

CVE-2024-23334

A flaw was found in aiohttp. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When...

CVSS 5.9 | AI score 6.7 | EPSS 0.93602
Exploits: 15 | References: 4

Veracode
added 2024/01/30 7:29 a.m. | 31 views

Path Traversal

aiohttp is vulnerable to Path Traversal. The vulnerability is due to faulty path validation which checks if the file being accessed is within the intended static root directory when follow_symlinks = True. This allows an attacker to access files and directories outside the intended static root...

CVSS 7.5 | AI score 6.7 | EPSS 0.93602
Exploits: 15 | References: 5 | Affected Software: 2

Wolfi
added 2024/01/29 11:15 p.m. | 361 views

CVE-2024-23334 vulnerabilities

Vulnerabilities for packages: checkov, py3-aiohttp, py3-cassandra-medusa...

CVSS 7.5 | AI score 6.6 | EPSS 0.93602
Exploits: 15

OSV
added 2024/01/29 11:15 p.m. | 1 view

DEBIAN-CVE-2024-23829

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

CVSS 6.5 | AI score 6.3 | EPSS 0.00488
Exploits: 1 | References: 1

NVD
added 2024/01/29 11:15 p.m. | 21 views

CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symboli...

CVSS 7.5 | AI score 6.4 | EPSS 0.93602
Exploits: 15 | References: 7

OSV
added 2024/01/29 11:15 p.m. | 1 view

AZL-44319 CVE-2024-23334 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symboli...

CVSS 7.5 | AI score 6.6 | EPSS 0.93602
Exploits: 15 | References: 1

OSV
added 2024/01/29 11:15 p.m. | 3 views

AZL-43552 CVE-2024-23334 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symboli...

CVSS 7.5 | AI score 6.6 | EPSS 0.93602
Exploits: 15 | References: 1