CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1086 matches found

Cvelist•added 2023/11/30 6:56 a.m.•26 views

CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

7.2CVSS7AI score0.0047EPSS

Exploits1References4

CNNVD•added 2023/11/30 12:0 a.m.•1 views

aiohttp Security Vulnerabilities

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A security vulnerability exists in aiohttp versions prior to 3.9.0, which stems from incorrect authentication that allows an attacker to modify an HTTP request or create a new HTTP request while the attack...

7.2CVSS6.9AI score0.0047EPSS

Exploits1References5

NVD•added 2023/11/29 8:15 p.m.•25 views

CVE-2023-49082

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

5.3CVSS0.00228EPSS

Exploits1References6

OSV•added 2023/11/29 8:15 p.m.•1 views

DEBIAN-CVE-2023-49082

5.3CVSS6.1AI score0.00228EPSS

Exploits1References1

UbuntuCve•added 2023/11/29 8:15 p.m.•23 views

CVE-2023-49082

5.3CVSS6.3AI score0.00228EPSS

Exploits1References6

Prion•added 2023/11/29 8:15 p.m.•21 views

Design/Logic Flaw

5CVSS6.7AI score0.00228EPSS

Exploits1References4Affected Software1

OSV•added 2023/11/29 8:15 p.m.•0 views

UBUNTU-CVE-2023-49082

5.3CVSS6.3AI score0.00228EPSS

Exploits1References7

PyPA•added 2023/11/29 8:15 p.m.•4 views

PYSEC-2023-251

5.3CVSS6.7AI score0.00228EPSS

Exploits1References6Affected Software1

vulnersOsv•added 2023/11/29 8:15 p.m.•4 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +40190 more potentially affected by CVE-2023-49082 via aiohttp (>=0.13.1 <=3.8.6)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2023-49082 Source advisory: OSV:PYSEC-2023-251...

5.3CVSS6.4AI score0.00228EPSS

Exploits1

CVE•added 2023/11/29 8:7 p.m.•362 views

CVE-2023-49082

CVE-2023-49082 : aiohttp contains improper validation that can enable an attacker to modify the HTTP request (for example inserting headers) or create a new HTTP request when the attacker can control the HTTP method. The impact is described as enabling request modification and potential request s...

5.3CVSS5.9AI score0.00228EPSS

Exploits1References6Affected Software1

Cvelist•added 2023/11/29 8:7 p.m.•25 views

CVE-2023-49082 aiohttp's ClientSession is vulnerable to CRLF injection via method

5.3CVSS6.1AI score0.00228EPSS

Exploits1References4

Debian CVE•added 2023/11/29 8:7 p.m.•29 views

CVE-2023-49082

5.3CVSS5.6AI score0.00228EPSS

Exploits1

OSV•added 2023/11/29 8:7 p.m.•21 views

CVE-2023-49082 aiohttp's ClientSession is vulnerable to CRLF injection via method

5.3CVSS5.5AI score0.00228EPSS

Exploits1References8

Veracode•added 2023/11/29 6:58 a.m.•27 views

Request Smuggling

aiohttp is vulnerable to Request Smuggling. The vulnerability exists due to improper HTTP method validation in the init function of clientreqrep.py. This allows an attacker to modify the HTTP request, such as inserting a new header or even creating a new HTTP request if the attacker can control t...

5.3CVSS7AI score0.00228EPSS

Exploits1References6Affected Software1

CNNVD•added 2023/11/29 12:0 a.m.•3 views

aiohttp Injection Vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. An injection vulnerability exists in aiohttp versions prior to 3.9.0, which stems from incorrect validation that allows an attacker to modify an HTTP request e.g., by inserting a new header, or even create...

5.3CVSS7.2AI score0.00228EPSS

Exploits1References4

Github Security Blog•added 2023/11/27 11:17 p.m.•39 views

aiohttp's ClientSession is vulnerable to CRLF injection via version

Summary Improper validation make it possible for an attacker to modify the HTTP request e.g. to insert a new header or even create a new HTTP request if the attacker controls the HTTP version. Details The vulnerability only occurs if the attacker can control the HTTP version of the request...

7.2CVSS5.2AI score0.0047EPSS

Exploits1References10Affected Software1

OSV•added 2023/11/27 11:17 p.m.•32 views

GHSA-Q3QX-C6G2-7PW2 aiohttp's ClientSession is vulnerable to CRLF injection via version

7.2CVSS6.2AI score0.0047EPSS

Exploits1References10

vulnersOsv•added 2023/11/27 11:17 p.m.•6 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +40190 more potentially affected by CVE-2023-49081 via aiohttp (>=0.13.1 <=3.8.6)

7.2CVSS6.4AI score0.0047EPSS

Exploits1

vulnersOsv•added 2023/11/27 11:17 p.m.•1 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +40190 more potentially affected by CVE-2023-49082 via aiohttp (>=0.13.1 <=3.8.6)

5.3CVSS6.4AI score0.00228EPSS

Exploits1

Github Security Blog•added 2023/11/27 11:15 p.m.•24 views

aiohttp has vulnerable dependency that is vulnerable to request smuggling

Summary llhttp 8.1.1 is vulnerable to two request smuggling vulnerabilities. Details have not been disclosed yet, so refer to llhttp for future information. The issue is resolved by using llhttp 9+ which is included in aiohttp 3.8.6+...

7AI score

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by