1086 matches found
CVE-2024-23829 vulnerabilities
Vulnerabilities for packages: checkov, py3-aiohttp, py3-cassandra-medusa...
AZL-45189 CVE-2024-23829 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23829 vulnerabilities
Vulnerabilities for packages: py3-cassandra-medusa, checkov, py3-aiohttp...
AZL-43774 CVE-2024-23829 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
DEBIAN-CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
PYSEC-2024-26
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +40240 more potentially affected by CVE-2024-23829 via aiohttp (>=0.13.1 <=3.9.1)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2024-23829 Source advisory: OSV:PYSEC-2024-26...
PYSEC-2024-24
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
Security feature bypass
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
Directory traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +40231 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)
aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2024-23334 Source advisory: OSV:PYSEC-2024-24...
UBUNTU-CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
UBUNTU-CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
PYSEC-2024-24
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
PYSEC-2024-26
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23334 aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...
CVE-2024-23334
CVE-2024-23334 affects aiohttp when used as a web server with static routes and follow_symlinks=True, where reading a file isn’t validated against the static root. The vulnerability enables directory traversal to access arbitrary files; PoC and multiple advisories reference this behavior in versi...