1147 matches found
MAL-2026-3699 Malicious code in aiohttp-util (PyPI)
Source: kam193 b5a826a64a0405306b51cd85239237982278e758bc8109e7da521e15f003ca6e During installation, the package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
OESA-2026-2193 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage (CVE-2026-22815). An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation (CVE-2026-34513). An attacker who...
OESA-2026-2192 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage (CVE-2026-22815). An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation (CVE-2026-34513). An attacker who...
[SECURITY] [DSA 6141-1] python-aiohttp security update
Debian Security Advisory DSA-6241-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 01, 2026 https://www.debian.org/security/faq -...
ROS-20260420-73-0021
Vulnerability in python-aiohttp related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260420-73-0027
Vulnerability in python-aiohttp related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden HTTP request (HTTP request smuggling attack)...
ROS-20260420-73-0023
Vulnerability in python-aiohttp related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260420-73-0024
Vulnerability in python-aiohttp related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260420-73-0019
Vulnerability in python-aiohttp related to incorrect handling of highly compressed input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260420-73-0022
Vulnerability in python-aiohttp related to redundant data logging. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260420-73-0025
Vulnerability in python-aiohttp related to lack of service data protection. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ROS-20260420-73-0026
Vulnerability in python-aiohttp related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden HTTP request (HTTP request smuggling attack)...
python311-aiohttp-3.13.5-3.1 on GA media (moderate)
python311-aiohttp-3.13.5-3.1 on GA media Announcement ID: openSUSE-SU-2026:10545-1 Rating: moderate Cross-References: CVE-2026-34516 CVE-2026-34520 CVSS scores: CVE-2026-34516 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-34516 SUSE : 6.9...
OPENSUSE-SU-2026:10545-1 python311-aiohttp-3.13.5-3.1 on GA media
These are all security issues fixed in the python311-aiohttp-3.13.5-3.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2026-34515
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose...
Linux Distros Unpatched Vulnerability : CVE-2026-22815
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling...
SUSE CVE-2026-22815
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
AIOHTTP Leaks Cookie And Proxy-Authorization Headers On Cross-origin Redirect
Summary: When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact: The Cookie and Proxy-Authorization headers could contain sensitive information which may be leaked to an unintended party after following...
OPENSUSE-SU-2026:10490-1 python311-aiohttp-3.13.5-2.1 on GA media
These are all security issues fixed in the python311-aiohttp-3.13.5-2.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2026-34517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire...