
1147 matches found

OSV
added 2023/11/29 8:15 p.m., 2 views

DEBIAN-CVE-2023-49082

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3, AI score 6.1, EPSS 0.0094
Exploits: 1, References: 1

vulnersOsv
added 2023/11/29 8:15 p.m., 6 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42731 more potentially affected by CVE-2023-49082 via aiohttp (>=0.13.1 <=3.8.6)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-49082 Source advisory: OSV:PYSEC-2023-251...

CVSS 5.3, AI score 6.3, EPSS 0.0094
Exploits: 1

Prion
added 2023/11/29 8:15 p.m., 23 views

Design/Logic Flaw

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5, AI score 6.7, EPSS 0.0094
Exploits: 1, References: 4, Affected Software: 1

UbuntuCve
added 2023/11/29 8:15 p.m., 23 views

CVE-2023-49082

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3, AI score 6.3, EPSS 0.0094
Exploits: 1, References: 6

PyPA
added 2023/11/29 8:15 p.m., 5 views

PYSEC-2023-251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3, AI score 6.7, EPSS 0.0094
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2023/11/29 8:15 p.m., 1 view

UBUNTU-CVE-2023-49082

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3, AI score 6.3, EPSS 0.0094
Exploits: 1, References: 7

Cvelist
added 2023/11/29 8:7 p.m., 33 views

CVE-2023-49082 aiohttp's ClientSession is vulnerable to CRLF injection via method

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3, AI score 6.1, EPSS 0.0094
Exploits: 1, References: 4

CVE
added 2023/11/29 8:7 p.m., 369 views

CVE-2023-49082

CVE-2023-49082 : aiohttp contains improper validation that can enable an attacker to modify the HTTP request (for example inserting headers) or create a new HTTP request when the attacker can control the HTTP method. The impact is described as enabling request modification and potential request s...

CVSS 5.3, AI score 5.9, EPSS 0.0094
Exploits: 1, References: 6, Affected Software: 1

Debian CVE
added 2023/11/29 8:7 p.m., 29 views

CVE-2023-49082

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3, AI score 5.6, EPSS 0.0094
Exploits: 1

OSV
added 2023/11/29 8:7 p.m., 22 views

CVE-2023-49082 aiohttp's ClientSession is vulnerable to CRLF injection via method

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3, AI score 5.5, EPSS 0.0094
Exploits: 1, References: 8

Veracode
added 2023/11/29 6:58 a.m., 27 views

Request Smuggling

aiohttp is vulnerable to Request Smuggling. The vulnerability exists due to improper HTTP method validation in the __init__ function of client_reqrep.py. This allows an attacker to modify the HTTP request, such as inserting a new header or even creating a new HTTP request if the attacker can control t...

CVSS 5.3, AI score 7, EPSS 0.0094
Exploits: 1, References: 6, Affected Software: 1

CNNVD
added 2023/11/29 12:0 a.m., 3 views

aiohttp Injection Vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. An injection vulnerability exists in aiohttp versions prior to 3.9.0, which stems from incorrect validation that allows an attacker to modify an HTTP request e.g., by inserting a new header, or even create...

CVSS 5.3, AI score 7.2, EPSS 0.0094
Exploits: 1, References: 4

vulnersOsv
added 2023/11/27 11:17 p.m., 8 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42731 more potentially affected by CVE-2023-49081 via aiohttp (>=0.13.1 <=3.8.6)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-49081 Source advisory: OSV:GHSA-Q3QX-C6G2-7PW2...

CVSS 7.2, AI score 6.5, EPSS 0.00874
Exploits: 1

OSV
added 2023/11/27 11:17 p.m., 32 views

GHSA-Q3QX-C6G2-7PW2 aiohttp's ClientSession is vulnerable to CRLF injection via version

Summary: Improper validation makes it possible for an attacker to modify the HTTP request, e.g. to insert a new header or even create a new HTTP request, if the attacker controls the HTTP version. Details: The vulnerability only occurs if the attacker can control the HTTP version of the request...

CVSS 7.2, AI score 6.2, EPSS 0.00874
Exploits: 1, References: 10

Github Security Blog
added 2023/11/27 11:17 p.m., 39 views

aiohttp's ClientSession is vulnerable to CRLF injection via version

Summary: Improper validation makes it possible for an attacker to modify the HTTP request, e.g. to insert a new header or even create a new HTTP request, if the attacker controls the HTTP version. Details: The vulnerability only occurs if the attacker can control the HTTP version of the request...

CVSS 7.2, AI score 5.2, EPSS 0.00874
Exploits: 1, References: 10, Affected Software: 1

vulnersOsv
added 2023/11/27 11:17 p.m., 1 view

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42731 more potentially affected by CVE-2023-49082 via aiohttp (>=0.13.1 <=3.8.6)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-49082 Source advisory: OSV:GHSA-QVRW-V9RV-5RJX...

CVSS 5.3, AI score 6.3, EPSS 0.0094
Exploits: 1

vulnersOsv
added 2023/11/27 11:15 p.m., 3 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42537 more potentially affected by unknown CVE via aiohttp (>=0.13.1 <=3.8.5)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PJJW-QHG8-P2P9...

AI score 5.5
Exploits: 0

Github Security Blog
added 2023/11/27 11:15 p.m., 25 views

aiohttp has vulnerable dependency that is vulnerable to request smuggling

Summary: llhttp 8.1.1 is vulnerable to two request smuggling vulnerabilities. Details have not been disclosed yet, so refer to llhttp for future information. The issue is resolved by using llhttp 9+ which is included in aiohttp 3.8.6+...

AI score 7
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 2023/11/26 12:0 a.m., 2 views

PT-2023-36434 · Gnu +1 · Aiohttp +1

The vulnerability in the aiohttp HTTP client is related to flaws in the handling of HTTP requests. Exploitation of the vulnerability may allow a remote attacker to carry out an "HTTP request smuggling" attack...

CVSS 7.8, AI score 7.3
Exploits: 0, References: 6

OSV
added 2023/11/24 11:6 a.m., 9 views

OESA-2023-1854 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol,...

CVSS 6.5, AI score 6.8, EPSS 0.00827
Exploits: 1, References: 2