1148 matches found
CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
UBUNTU-CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
CVE-2024-52304 aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
CVE-2024-52304 aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
CVE-2024-52304
CVE-2024-52304 – aiohttp request-smuggling vulnerability : Prior to 3.10.11, aiohttp’s Python parser mishandled newlines in chunk extensions, enabling a request-smuggling condition under certain scenarios. If a pure-Python build (no C extensions) or AIOHTTP_NO_EXTENSIONS is used, an attacker coul...
CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
CVE-2024-52304 aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
CVE-2024-52303 aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
CVE-2024-52303 aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
CVE-2024-52303
CVE-2024-52303 affects aiohttp (async HTTP framework for Python/asyncio): memory leak when a request produces a MatchInfoError, caused by a per-request cache entry created during MatchInfoError construction. This can enable memory exhaustion on the server under high request rates (hundreds of tho...
CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
CVE-2024-52303 aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
aiohttp 安全漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. A security vulnerability exists in aiohttp version 3.10.6 through versions prior to 3.10.11, which stems from the presence of a memory leak, where an attacker may be able to exhau...
PT-2024-8691
Name of the Vulnerable Software and Affected Versions aiohttp versions 3.10.6 through 3.10.10 Description A memory leak can occur when a request produces a MatchInfoError. This issue is caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a...
aiohttp 安全漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. A security vulnerability exists in aiohttp 3.10.11 and earlier versions, which stems from the Python parser incorrectly parsing line breaks in block extensions, potentially leadin...
Exploit for Path Traversal in Aiohttp
LFI-aiohttp-CVE-2024-23334-PoC A Bash script to automate Loca...
Fedora 41 : llhttp / python-aiohttp (2024-8deaadd998)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8deaadd998 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3. Tenable has extracted the preceding description block...
Fedora 41 : python-aiohttp (2024-c4a71dab58)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c4a71dab58 advisory. Automatic update for python-aiohttp-3.9.5-1.fc41. Changelog Fri Apr 19 2024 Benjamin A. Beasley - 3.9.5-1 - Update to 3.9.5 fix RHBZ2275991, fix CVE-2024-273...
Exploit for Path Traversal in Aiohttp
Path Traversal PoC CVE-2024-23334 Este script es una prueba...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 Proof-of-Concept for LFI/Path Traversal vulner...