5 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-34519
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when...
CVE-2026-34519
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker could exploit this vulnerability by controlling the 'reason' parameter during the creation of an HTTP response. This could allow the attacker to inject additional HTTP headers, potentially...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1211 more potentially affected by CVE-2026-34519 via aiohttp (>=3.0.0b0 <=3.13.3)
aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34519 Source advisory: SNYK:PYTHON-AIOHTTP-15873731...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1340 more potentially affected by CVE-2026-34519 via aiohttp (>=0.13.1 <=3.13.3)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34519 Source advisory: OSV:GHSA-MWH4-6H8G-PG8W...
CVE-2026-34519
CVE-2026-34519 affects the AIOHTTP library (asyncio-based HTTP client/server for Python). The issue occurs before version 3.13.4 where an attacker controlling the reason parameter when creating a Response can inject extra headers or similar exploits due to header injection in the reason phrase. T...