1086 matches found
GHSA-XX9P-XXVH-7G8J Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
Impact Aiohttp has a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. As we know that HTTP/1.1 is persistent, if we have both Content-Length (CL) and Transfer-Encoding (TE) it can lead to incorrect interpretation of two entities that parse the HTTP and we can poiso...
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
Impact Aiohttp has a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. As we know that HTTP/1.1 is persistent, if we have both Content-Length (CL) and Transfer-Encoding (TE) it can lead to incorrect interpretation of two entities that parse the HTTP and we can poiso...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +39589 more potentially affected by CVE-2023-47641 via aiohttp (>=0.13.1 <=3.7.4.post0)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2023-47641 Source advisory: OSV:GHSA-XX9P-XXVH-7G8J...
aiohttp Security Vulnerabilities
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A security vulnerability exists in aiohttp versions prior to 3.8.6, which stems from an inconsistent interpretation of Content-Length and Transfer-Encoding in C and Python fallbacks, and can be exploited ...
aiohttp Security Vulnerabilities
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A security vulnerability exists in aiohttp versions prior to 3.8.6, which stems from a number of problems with the HTTP parser's header parsing that could lead to request smuggling...
Fedora 39 : llhttp / python-aiohttp (2023-ad76deb86e)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-ad76deb86e advisory. Update llhttp to 8.1.1 and python-aiohttp to 3.8.5. Fixes CVE-2023-30589. Tenable has extracted the preceding description block directly from the Fedora...
PT-2023-7245 · Aiohttp +5
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.0 Description: The issue is related to improper validation in the aiohttp HTTP client/server framework, allowing an attacker to modify the HTTP request or create a new one if they control the HTTP method. This ca...
Ubuntu 18.04 ESM / 20.04 ESM : AIOHTTP vulnerability (USN-5386-1)
The remote Ubuntu 18.04 ESM / 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5386-1 advisory. Jelmer Vernooij and Beast Glatisant discovered that AIOHTTP incorrectly handled certain URLs, leading to an open redirect attack. A remote attacker...
PT-2023-8839 · Aiohttp +5
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.8.6 Description: The HTTP parser in aiohttp has numerous problems with header parsing, which could lead to request smuggling. This issue is related to the handling of Content-Length values, improper handling of NUL...
Fedora: Security Advisory for python-aiohttp (FEDORA-2023-105880e618)
The remote host is missing an update for the...
Fedora: Security Advisory for python-aiohttp (FEDORA-2023-f75af676f2)
The remote host is missing an update for the...
CVE-2023-37276
A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTPS request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting...
HTTP Request Smuggling
aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability occurs due to the use of vulnerable llhttp component. When a specially constructed HTTP request is submitted, it leads to HTTP request smuggling because the server interprets one of the HTTP header values incorrectly. Only aiohttp...
SUSE CVE-2023-37276
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...
GHSA-45C4-8WX5-QW6W aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an...
PYSEC-2023-120 aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an...
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an...
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HT...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +39944 more potentially affected by CVE-2023-37276 via aiohttp (>=0.13.1 <=3.8.4)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2023-37276 Source advisory: OSV:PYSEC-2023-120...
CVE-2023-37276
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...