USN-7642-1 python-aiohttp vulnerabilities

Ben Kallus discovered that AIOHTTP did not correctly parse HTTP headers. A remote attacker could possibly use this issue to perform request smuggling. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2023-47627 Ivan Novikov discovered that AIOHTTP did not properly validate...

TencentOS Server 4: python-aiohttp (TSSA-2024:0266)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0266 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Fedora: Security Advisory (FEDORA-2024-c4a71dab58)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2024-27306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This...

openSUSE Security Advisory (SUSE-SU-2024:4396-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:4396-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4396-1 advisory. - CVE-2024-27306: filenames and paths not escaped when generating index pages for static file handling. bsc1223098 Tenable has...

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2024-27306: filenames and paths not escaped when generating index pages for static file handling. bsc1223098 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

Fedora 41 : python-aiohttp (2024-c4a71dab58)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c4a71dab58 advisory. Automatic update for python-aiohttp-3.9.5-1.fc41. Changelog Fri Apr 19 2024 Benjamin A. Beasley - 3.9.5-1 - Update to 3.9.5 fix RHBZ2275991, fix CVE-2024-273...

openSUSE Security Advisory (SUSE-SU-2024:1866-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:1866-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2024-27306: Fixed XSS on index pages for static file handling bsc1223098...

Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f34786d26f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-aiohttp (FEDORA-2024-000a25f3fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 39 : python-aiohttp (2024-e0057e6044)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e0057e6044 advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

Fedora 40 : python-aiohttp / python-openapi-core (2024-000a25f3fc)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-000a25f3fc advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

Fedora 38 : python-aiohttp (2024-f34786d26f)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f34786d26f advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

CVE-2024-27306 vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa, dask-gateway, checkov, kserve...

AZL-43357 CVE-2024-27306 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...