1147 matches found
CVE-2024-52303
A flaw was found in the aiohttp package. A memory leak can occur in certain configurations when a request produces a MatchInfoError. This issue was caused by adding an entry to a cache on each request due to the building of each MatchInfoError producing a unique cache entry. An attacker may be ab...
CVE-2024-52304 vulnerabilities
Vulnerabilities for packages: airflow, kserve, checkov, dask-gateway, py3-aiohttp, py3-cassandra-medusa...
DEBIAN-CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
AZL-53232 CVE-2024-52304 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
AZL-53229 CVE-2024-52304 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
UBUNTU-CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
act-workflow (>=4.8.2 <=4.8.399), ahserver (>=1.0.1 <=1.2.0) +120 more potentially affected by CVE-2024-52304 via aiohttp (>=3.0.0b0 <=3.10.10)
aiohttp PYPI version =3.0.0b0, =4.8.2, =1.0.1, =0.48.0, =0.60.2, =0.9.0, =0.9.0, =0.1.19, =24.8.0, =0.1.6, =0.9.0, =0.9.1 - atlan-application-sdk =1.0.1 - backend-ai =1.3.0 and more Source cves: CVE-2024-52304 Source advisory: SNYK:PYTHON-AIOHTTP-8383923...
act-workflow (>=4.8.2 <=4.8.399), ahserver (>=1.0.1 <=1.2.0) +253 more potentially affected by CVE-2024-52304 via aiohttp (>=0.13.1 <=3.10.10)
aiohttp PYPI version =0.13.1, =4.8.2, =1.0.1, =0.48.0, =0.60.2, =0.9.0, =0.1.1, =0.9.2, =1.1.0, =0.2.3, =0.1.0, =3.2.4b1, =0.3.0, =0.5.1 and more Source cves: CVE-2024-52304 Source advisory: OSV:GHSA-8495-4G3G-X7PR...
GHSA-8495-4G3G-X7PR vulnerabilities
Vulnerabilities for packages: airflow, kserve, checkov, dask-gateway, py3-aiohttp, py3-cassandra-medusa...
GHSA-8495-4G3G-X7PR vulnerabilities
Vulnerabilities for packages: checkov, py3-cassandra-medusa, dask-gateway, airflow, awx, py3.10-vllm-cuda-11.8, request-1276, py3-aiohttp, kserve...
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Summary: The Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. Impact: If a pure Python version of aiohttp is installed, i.e. without the usual C extensions, or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker m...
Missing Release of Resource after Effective Lifetime
Overview: Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime by creating a unique cache entry for each MatchInfoError when a request method is not allowed. This can lead to unbounded cache growth, resulting in a memory leak. Remediation: Upgrade...
GHSA-27MF-GHQM-J3J8 vulnerabilities
Vulnerabilities for packages: checkov, airflow, py3-aiohttp...
GHSA-27MF-GHQM-J3J8 vulnerabilities
Vulnerabilities for packages: checkov, airflow, py3.10-vllm-cuda-11.8, py3-aiohttp...
GHSA-27MF-GHQM-J3J8 aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Summary: A memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. Impact: If the user is making use of any middlewares with aiohttp.web then it is...
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Summary: A memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. Impact: If the user is making use of any middlewares with aiohttp.web then it is...
CVE-2024-52303 vulnerabilities
Vulnerabilities for packages: checkov, airflow, py3-aiohttp...
DEBIAN-CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...