1233 matches found

PyPA
added 2023/07/20 2:52 p.m. · 4 views

aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser

Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HT...

CVSS 7.5 · AI score 7.2 · EPSS 0.03906
Exploits: 2 · References: 4 · Affected Software: 1
vulnersOsv
added 2023/07/20 2:52 p.m. · 3 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42764 more potentially affected by CVE-2023-37276 via aiohttp (>=0.13.1 <=3.8.4)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-37276 Source advisory: OSV:GHSA-45C4-8WX5-QW6W...

CVSS 7.5 · AI score 6.7 · EPSS 0.01422
Exploits: 1
vulnersOsv
added 2023/07/20 2:52 p.m. · 6 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42764 more potentially affected by CVE-2023-37276 via aiohttp (>=0.13.1 <=3.8.4)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-37276 Source advisory: OSV:PYSEC-2023-120...

CVSS 7.5 · AI score 6.7 · EPSS 0.01422
Exploits: 1
OSV
added 2023/07/20 2:52 p.m. · 2 views

PYSEC-2023-120 aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser

Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an...

CVSS 7.5 · AI score 6.7 · EPSS 0.01422
Exploits: 1 · References: 4
Github Security Blog
added 2023/07/20 2:52 p.m. · 67 views

aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser

Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an...

CVSS 7.5 · AI score 6.8 · EPSS 0.03906
Exploits: 2 · References: 9 · Affected Software: 1
NVD
added 2023/07/19 8:15 p.m. · 39 views

CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 7.5 · AI score 6.3 · EPSS 0.01422
Exploits: 1 · References: 4
OSV
added 2023/07/19 8:15 p.m. · 1 view

DEBIAN-CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 7.5 · AI score 6.2 · EPSS 0.01422
Exploits: 1 · References: 1
Prion
added 2023/07/19 8:15 p.m. · 35 views

Design/Logic Flaw

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 5 · AI score 7.5 · EPSS 0.01422
Exploits: 1 · References: 4 · Affected Software: 1
UbuntuCve
added 2023/07/19 8:15 p.m. · 34 views

CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 7.5 · AI score 6.8 · EPSS 0.01422
Exploits: 1 · References: 5
OSV
added 2023/07/19 8:15 p.m. · 1 view

UBUNTU-CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 7.5 · AI score 6.5 · EPSS 0.01422
Exploits: 1 · References: 6
Cvelist
added 2023/07/19 7:39 p.m. · 53 views

CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 5.3 · AI score 7.6 · EPSS 0.01422
Exploits: 1 · References: 4
CVE
added 2023/07/19 7:39 p.m. · 164 views

CVE-2023-37276

CVE-2023-37276 affects aiohttp when used as an HTTP server (aiohttp.Application); vulnerable code is in the llhttp-based HTTP request parser bundled with aiohttp v3.8.4 and earlier. Exploitation can lead to HTTP request smuggling. The issue is addressed in aiohttp 3.8.5; upgrading is recommended....

CVSS 7.5 · AI score 6.2 · EPSS 0.01422
Exploits: 1 · References: 4 · Affected Software: 1
Debian CVE
added 2023/07/19 7:39 p.m. · 106 views

CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 7.5 · AI score 6.4 · EPSS 0.01422
Exploits: 1
OSV
added 2023/07/19 7:39 p.m. · 33 views

CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 5.3 · AI score 6.3 · EPSS 0.01422
Exploits: 1 · References: 6
Vulnrichment
added 2023/07/19 7:39 p.m. · 33 views

CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 5.3 · AI score 6.8 · EPSS 0.01422
Exploits: 1 · References: 4
Positive Technologies
added 2023/07/19 12:0 a.m. · 5 views

PT-2023-4948 · Pypi +3 · Aiohttp +3

Name of the Vulnerable Software and Affected Versions: aiohttp versions 3.8.4 and earlier Description: The issue is related to the handling of HTTP requests in aiohttp, which can lead to HTTP request smuggling when a crafted HTTP request is sent. This affects users of aiohttp as an HTTP server, b...

CVSS 7.8 · AI score 6.2 · EPSS 0.76875
Exploits: 21 · References: 56
CNNVD
added 2023/07/19 12:0 a.m. · 4 views

aiohttp environment issue vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. An environment issue vulnerability exists in aiohttp v3.8.4 and earlier versions that stems from easy HTTP request smuggling through the llhttp HTTP request parser...

CVSS 7.5 · AI score 6.4 · EPSS 0.01422
Exploits: 1 · References: 3
Positive Technologies
added 2023/07/19 12:0 a.m. · 9 views

PT-2023-7418

Name of the Vulnerable Software and Affected Versions aiohttp versions prior to 3.9.0 Description The issue arises from improper validation, allowing an attacker to modify the HTTP request or create a new one if they control the HTTP version. This can lead to CRLF injection and Request Smuggling...

CVSS 7.2 · AI score 6.7 · EPSS 0.00874
Exploits: 1 · References: 73
SUSE CVE
added 2023/02/15 3:46 a.m. · 2 views

SUSE CVE-2021-21330

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...

CVSS 8.2 · AI score 8.6 · EPSS 0.01905
Exploits: 0 · References: 5
OSV
added 2023/02/10 8:48 p.m. · 9 views

MAL-2023-1576 Malicious code in aiohhttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 11c5b5b7d743c8d72b3476ed08b8c2952de2c6b9b05a53072f0622aebf77fd33 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

AI score 6.9
Exploits: 0 · References: 1