CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1086 matches found

OSV•added 2023/11/14 9:15 p.m.•26 views

PYSEC-2023-247

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

6.5CVSS6.4AI score0.00358EPSS

Exploits1References2

OSV•added 2023/11/14 9:15 p.m.•0 views

UBUNTU-CVE-2023-47641

6.5CVSS5.8AI score0.00358EPSS

Exploits1References5

UbuntuCve•added 2023/11/14 9:15 p.m.•23 views

CVE-2023-47641

6.5CVSS6.4AI score0.00358EPSS

Exploits1References4

vulnersOsv•added 2023/11/14 9:15 p.m.•3 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +39589 more potentially affected by CVE-2023-47641 via aiohttp (>=0.13.1 <=3.7.4.post0)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2023-47641 Source advisory: OSV:PYSEC-2023-247...

6.5CVSS6.4AI score0.00358EPSS

Exploits1

PyPA•added 2023/11/14 9:15 p.m.•4 views

PYSEC-2023-247

6.5CVSS6.7AI score0.00358EPSS

Exploits1References4Affected Software1

Prion•added 2023/11/14 9:15 p.m.•31 views

Input validation

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...

5CVSS7.1AI score0.00215EPSS

Exploits1References5Affected Software1

UbuntuCve•added 2023/11/14 9:15 p.m.•35 views

CVE-2023-47627

7.5CVSS6.8AI score0.00215EPSS

Exploits1References5

OSV•added 2023/11/14 9:15 p.m.•1 views

PYSEC-2023-246

7.5CVSS5.8AI score0.00215EPSS

Exploits1References2

OSV•added 2023/11/14 9:15 p.m.•0 views

UBUNTU-CVE-2023-47627

7.5CVSS6.5AI score0.00215EPSS

Exploits1References6

Prion•added 2023/11/14 9:15 p.m.•45 views

Open redirect

6.4CVSS7AI score0.00358EPSS

Exploits1References2Affected Software1

Debian CVE•added 2023/11/14 8:48 p.m.•62 views

CVE-2023-47627

7.5CVSS6.9AI score0.00215EPSS

Exploits1

CVE•added 2023/11/14 8:48 p.m.•391 views

CVE-2023-47627

aiohttp (Python asyncio HTTP client/server) contains a vulnerability in its HTTP parser that can lead to request smuggling when the parser is used (AIOHTTP_NO_EXTENSIONS). The issue is fixed in release 3.8.6; upgrade to 3.8.6 or later. The vulnerability is tied to header parsing and is addressed ...

7.5CVSS6.6AI score0.00215EPSS

Exploits1References6Affected Software1

OSV•added 2023/11/14 8:48 p.m.•38 views

CVE-2023-47627 Request smuggling in aiohttp

5.3CVSS6.6AI score0.00215EPSS

Exploits1References8

Vulnrichment•added 2023/11/14 8:48 p.m.•24 views

CVE-2023-47627 Request smuggling in aiohttp

5.3CVSS6.9AI score0.00215EPSS

Exploits1References5

Cvelist•added 2023/11/14 8:48 p.m.•30 views

CVE-2023-47627 Request smuggling in aiohttp

5.3CVSS7.2AI score0.00215EPSS

Exploits1References5

CVE•added 2023/11/14 8:44 p.m.•95 views

CVE-2023-47641

CVE-2023-47641 affects aiohttp (Python), where HTTP/1.1 handling can misinterpret requests when both Content-Length and Transfer-Encoding headers are present. The vendor describes a PoC using a reverse proxy that accepts both headers, with aiohttp backend treating chunked input as valid and Conte...

6.5CVSS5.1AI score0.00358EPSS

Exploits1References3Affected Software1

OSV•added 2023/11/14 8:44 p.m.•31 views

CVE-2023-47641 Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp

3.4CVSS5.6AI score0.00358EPSS

Exploits1References5

Vulnrichment•added 2023/11/14 8:44 p.m.•17 views

CVE-2023-47641 Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp

3.4CVSS6.7AI score0.00358EPSS

Exploits1References2

Debian CVE•added 2023/11/14 8:44 p.m.•39 views

CVE-2023-47641