270 matches found
RHSA-2017:0002 Red Hat Security Advisory: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update
Bulletin has no description...
aiohttp < 3.9.2 Multiple Vulnerabilities - Windows
aiohttp is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...
aiohttp < 3.9.2 Multiple Vulnerabilities - Linux
aiohttp is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...
RHEL 7 : rh-nodejs8-nodejs (RHSA-2018:2949)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2949 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:1640)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1640 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
DEBIAN-CVE-2024-28871
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available...
BIT-NODE-2022-32214
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS...
Fedora 39 : python-aiohttp (2024-f249b74f03)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f249b74f03 advisory. Security update for CVE-2024-23334 and CVE-2024-23829 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2...
SUSE CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23829
An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...
CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
Security feature bypass
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
UBUNTU-CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Summary Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger...
PT-2024-1633 · Apache · Apache Brpc
Name of the Vulnerable Software and Affected Versions: Apache bRPC versions 0.9.5 through 1.7.0 Description: The issue arises from the http parser not complying with the RFC-7230 HTTP 1.1 specification, specifically when handling messages with both Transfer-Encoding and Content-Length header...