1086 matches found
aiohttp path traversal vulnerability
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A path traversal vulnerability exists in aiohttp versions prior to 3.9.2, which stems from the fact that when follow_symlinks is set to True, no checks are made to see if the file being read is located in t...
PT-2024-1488 · Pypi +6 · Aiohttp +6
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.2 Description: The issue is related to the Python HTTP parser in aiohttp, which has minor differences in allowable character sets. This could trigger error handling and assist in request smuggling, depending on t...
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option ‘follow_symlinks’ can be used to determine whether to follow symboli...
SUSE-SU-2024:0168-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: Updated to version 3.8.6: - CVE-2023-49082: Fixed an HTTP header injection via a crafted method (bsc#1217682)...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0168-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0168-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mak...
Fedora: Security Advisory for python-aiohttp (FEDORA-2023-a04cc349e1)
The remote host is missing an update for the...
Fedora: Security Advisory for python-aiohttp (FEDORA-2023-1f06098c71)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: python-aiohttp-3.9.1-1.fc39
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
Fedora 38 : python-aiohttp / python-pysqueezebox / python-wled (2023-1f06098c71)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-1f06098c71 advisory. Security fix for CVE-2023-49081, CVE-2023-49082. Update python-aiohttp to 3.9.1. Patch python-pysqueezebox and python-wled so they do not have an...
Fedora 39 : python-aiohttp / python-pysqueezebox / python-wled (2023-a04cc349e1)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-a04cc349e1 advisory. Security fix for CVE-2023-49081, CVE-2023-49082. Update python-aiohttp to 3.9.1. Patch python-pysqueezebox and python-wled so they do not have an...
SUSE SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0034-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0034-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0033-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0033-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mad...
SUSE-SU-2024:0034-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2023-49081: fixed an HTTP header injection via a crafted version (bsc#1217684)...
SUSE-SU-2024:0033-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2023-49081: fixed an HTTP header injection via a crafted version (bsc#1217684)...
SUSE SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2023:4909-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4909-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security...
SUSE-SU-2023:4909-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2023-47641: Fixed inconsistent interpretation of the http protocol, if content-length and transport-encoding are in the same header with transport-encoding value of 'chunked' (bsc#1217174)...
Request Smuggling
aiohttp is vulnerable to Request Smuggling. The vulnerability exists due to improper HTTP method validation in this library, which allows attackers to modify HTTP requests...
Improper validation in meraki
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
GHSA-6X4H-9622-FQR6 Improper validation in meraki
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
Fedora: Security Advisory for python-aiohttp (FEDORA-2023-5130a73b00)
The remote host is missing an update for the...