6 matches found
OESA-2026-2562 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. CVE-2026-34993 If a developer uses the cookies parameter on a per-request basis then sensitive data might be...
CVE-2026-47265 vulnerabilities
Vulnerabilities for packages: open-webui, kubeflow-katib, checkov, airflow, dask-kubernetes...
CVE-2026-47265 vulnerabilities
Vulnerabilities for packages: keep, tritonserver-backend-vllm-cuda-13.0, awx, py3.13-scanner-test-libraries-aiohttp, text-generation-inference, request-1276, py3-vllm-cuda-12.4, dask-kubernetes-fips, kubeflow-katib, opal, dask-kubernetes, gitlab-cng, dagster-fips,...
CVE-2026-47265
A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. This vulnerability allows a remote attacker to potentially gain access to sensitive information. When a developer uses the cookies parameter on a per-request basis, cookies are sent after following a...
227checkergenerator (>=1.0.0 <=1.0.1), 5mghost-rover (>=0.0.1 <=0.0.3) +1701 more potentially affected by CVE-2026-47265 via aiohttp (>=3.0.0b0 <=3.13.5)
aiohttp PYPI version =3.0.0b0, =1.0.0, =0.0.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.6.0, =0.0.0, =0.0.2, =0.0.3 and more Source cves: CVE-2026-47265 Source advisory: SNYK:PYTHON-AIOHTTP-17146580...
CVE-2026-47265
AIOHTTP prior to 3.14.0 is vulnerable: cookies provided via the cookies parameter on per-request calls are sent after following a cross-origin redirect, which may leak sensitive data if an attacker can control the redirect. Version 3.14.0 patches the issue. As a workaround, using a Cookie header ...