6 matches found
OESA-2026-2562 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications.CVE-2026-34993 If a developer uses the cookies parameter on a per-request basis then sensitive data might be...
CVE-2026-47265 vulnerabilities
Vulnerabilities for packages: dask-kubernetes, open-webui, kubeflow-katib, airflow, checkov...
CVE-2026-47265 vulnerabilities
Vulnerabilities for packages: nemo, checkov, dagster-fips, py3-vllm-cuda-12.9, airflow, datahub-ingestion-fips, request-1276, vllm-cuda-13.2, litellm, open-webui, lmcache-cuda-12.8, py3-vllm-cuda-13.0, gitlab-cng, datahub-ingestion, dagster, dask-kubernetes, text-generation-inference,...
CVE-2026-47265
A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. This vulnerability allows a remote attacker to potentially gain access to sensitive information. When a developer uses the cookies parameter on a per-request basis, cookies are sent after following a...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +41558 more potentially affected by CVE-2026-47265 via aiohttp (>=3.0.0b0 <=3.13.5)
aiohttp PYPI version =3.0.0b0, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2026-47265 Source advisory: SNYK:PYTHON-AIOHTTP-17146580...
CVE-2026-47265
AIOHTTP prior to 3.14.0 is vulnerable: cookies provided via the cookies parameter on per-request calls are sent after following a cross-origin redirect, which may leak sensitive data if an attacker can control the redirect. Version 3.14.0 patches the issue. As a workaround, using a Cookie header ...