13 matches found

CNNVD
added 2026/04/07 12:0 a.m., 3 views

OpenAM Code Issue Vulnerability

OpenAM is an integrated access management solution developed by the OpenAM Consortium. It provides authentication, authorization, and federation features. Versions of OpenAM prior to 16.0.6 have code vulnerabilities due to an insecure Java deserialization issue with the jato.clientSession...

CVSS 9.8, AI score 6.2, EPSS 0.17141
Exploits: 2, References: 1
Positive Technologies
added 2026/04/07 12:0 a.m., 4 views

PT-2026-30917

Name of the Vulnerable Software and Affected Versions: OpenIdentityPlatform OpenAM versions prior to 16.0.6. Description: OpenIdentityPlatform OpenAM is susceptible to pre-authentication Remote Code Execution (RCE) due to unsafe Java deserialization of the jato.clientSession HTTP parameter. This...

CVSS 9.8, AI score 6.2, EPSS 0.17141
Exploits: 2, References: 18
Github Security Blog
added 2026/01/14 4:52 p.m., 6 views

BlackSheep's ClientSession is vulnerable to CRLF injection

Impact: The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests, e.g. insert a new header or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input...

CVSS 6.3, AI score 6.7, EPSS 0.00052
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2026/01/14 4:49 p.m., 8 views

CVE-2026-22779

Summary of public details (CVE-2026-22779): BlackSheep, a Python asynchronous web framework, has a vulnerable HTTP Client implementation prior to version 2.4.6. The root cause is missing validation of headers, enabling CRLF injection that can modify existing HTTP requests or create new ones when...

CVSS 6.3, AI score 6.2, EPSS 0.00052
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/01/14 4:49 p.m., 1 views

CVE-2026-22779 BlackSheep ClientSession is vulnerable to CRLF injection

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3, AI score 6.5, EPSS 0.00052
Exploits: 0, References: 5
Vulnrichment
added 2026/01/14 4:49 p.m., 2 views

CVE-2026-22779 BlackSheep ClientSession is vulnerable to CRLF injection

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3, AI score 6.2, EPSS 0.00052
Exploits: 0, References: 3
Zero Day Initiative
added 2024/06/21 12:0 a.m., 13 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 ClientSession Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of ClientSession objects in the...

CVSS 8.8, AI score 7.3, EPSS 0.00212
Exploits: 0, References: 1
OpenVAS
added 2024/05/07 12:0 a.m., 34 views

aiohttp < 3.9.0 Multiple Vulnerabilities - Linux

aiohttp is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...

CVSS 7.2, AI score 5.5, EPSS 0.0047
Exploits: 2, References: 2
Cvelist
added 2023/11/30 6:56 a.m., 26 views

CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 7.2, AI score 7, EPSS 0.0047
Exploits: 1, References: 4
Cvelist
added 2023/11/29 8:7 p.m., 25 views

CVE-2023-49082 aiohttp's ClientSession is vulnerable to CRLF injection via method

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3, AI score 6.1, EPSS 0.00228
Exploits: 1, References: 4
Github Security Blog
added 2023/11/27 11:17 p.m., 38 views

aiohttp's ClientSession is vulnerable to CRLF injection via version

Summary: Improper validation makes it possible for an attacker to modify the HTTP request, e.g. to insert a new header or even create a new HTTP request if the attacker controls the HTTP version. Details: The vulnerability only occurs if the attacker can control the HTTP version of the request...

CVSS 7.2, AI score 5.2, EPSS 0.0047
Exploits: 1, References: 10, Affected Software: 1
OSV
added 2023/11/27 11:17 p.m., 32 views

GHSA-Q3QX-C6G2-7PW2 aiohttp's ClientSession is vulnerable to CRLF injection via version

Summary: Improper validation makes it possible for an attacker to modify the HTTP request, e.g. to insert a new header or even create a new HTTP request if the attacker controls the HTTP version. Details: The vulnerability only occurs if the attacker can control the HTTP version of the request...

CVSS 7.2, AI score 6.2, EPSS 0.0047
Exploits: 1, References: 10
Cvelist
added 2023/07/19 7:39 p.m., 30 views

CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 5.3, AI score 7.6, EPSS 0.06131
Exploits: 1, References: 4