184 matches found
CVE-2026-34993
A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. An attacker could exploit this vulnerability by providing untrusted input to the CookieJar.load function. This could potentially lead to arbitrary code execution, allowing the attacker to run malicio...
GHSA-JG22-MG44-37J8 AIOHTTP is Vulnerable to Deserialization of Untrusted Data
Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CookieJar.load function. A user who convinces another user to load a malicious serialized object can cause the execution of arbitrary code. Details Serialization is a process of converting an...
Linux Distros Unpatched Vulnerability : CVE-2026-34993
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow...
CVE-2026-34993
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
DEBIAN-CVE-2026-34993
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
CVE-2026-34993
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
CVE-2026-34993 AIOHTTP Vulnerable to Deserialization of Untrusted Data
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
CVE-2026-34993 AIOHTTP Vulnerable to Deserialization of Untrusted Data
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
CVE-2026-34993
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
Astra Linux - уязвимость в node-tough-cookie
Versions of the tough-cookie package before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in the rejectPublicSuffixes=false mode. This issue arises from the way in which the objects are initialized...
Astra Linux - уязвимость в pypy
In the http.cookiejar.py module of Python, prior to version 3.7.3, the domain validation mechanism was not properly implemented. This vulnerability could allow existing cookies to be sent to the wrong server. Attackers could exploit this flaw by using a server whose hostname contains another vali...
Astra Linux - уязвимость в node-cookiejar
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS attacks through the Cookie.parse function, which uses an insecure regular expression...
RHCOS 4 / 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. - dnspython: denial of service in stub resolver CVE-2023-29483 - golang: net/http/cookiejar: incorrect forwarding of sensitive...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-8389:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8389:01 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of...
MiracleLinux 9 : delve-1.21.2-2.el9, golang-1.21.9-2.el9 (AXSA:2024-7759:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7759:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...
EUVD-2025-202795
Malicious code in elf-stats-merry-cookiejar-796 npm...
Malicious code in elf-stats-candystriped-cookiejar-799 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbbf7ed5d3634a4e8b673192561ea10cd7e0233c102954146734b56f323ecb86 The package elf-stats-candystriped-cookiejar-799 was found to contain malicious code...
MAL-2025-192475 Malicious code in elf-stats-candystriped-cookiejar-799 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbbf7ed5d3634a4e8b673192561ea10cd7e0233c102954146734b56f323ecb86 The package elf-stats-candystriped-cookiejar-799 was found to contain malicious code...
EUVD-2025-202772
Malicious code in elf-stats-tinsel-cookiejar-315 npm...