111 matches found
OESA-2026-2839 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS.CVE-2026-54273 If an attacker sends...
OESA-2026-2838 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS.CVE-2026-54273 If an attacker sends...
Python Library aiohttp < 3.14.1 Multiple Vulnerabilities
The version of the aiohttp Python library installed on the remote host is prior to 3.14.1. It is, therefore, affected by multiple vulnerabilities: - Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to...
CVE-2026-54273
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...
CVE-2026-54273
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...
CVE-2026-54273
CVE-2026-54273 (AIOHTTP) affects the AIOHTTP project (async HTTP client/server for asyncio and Python). Prior to version 3.14.1, there was no limit on the number of pipelined HTTP/1 requests that could be queued, enabling potential memory exhaustion and DoS. The issue is fixed in 3.14.1. The prov...
CVE-2026-54273 AIOHTTP: HTTP/1 Pipelined Requests Queue Without Limit
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...
aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
Summary No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. ----- Patch:...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of HTTP/1 pipelined requests queue without a limit. An attacker can exhaust system memory by sending a large number of pipelined requests, potentially causing...
GHSA-4FVR-RGM6-GQMC aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
Summary No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. ----- Patch:...
PT-2026-49587
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. The software lacked a limit on the number of pipelined requests that could be queued. An attacker could exploit this b...
Astra Linux – Vulnerability in Waitress
Waitress version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value. If that value was not in the “chunked” format, it would proceed using the Content-Length header instead. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, wit...
Astra Linux – Vulnerability in Twisted
Twisted is an event-based framework for internet applications, compatible with Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, potentially leading to information disclosure. This vulnerability has been fixed in 24.7.0rc1...
Astra Linux – Vulnerability in Twisted
In Twisted Web version 19.10.0, there was an HTTP request splitting vulnerability. When two content-length headers were provided, the system ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...
HTTP Request Smuggling
Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in the HttpClientCodec component. An attacker can cause response...
MiracleLinux 7 : tomcat-7.0.76-3.el7 (AXSA:2017-2389:05)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2389:05 advisory. A vulnerability was discovered in Tomcat's handling of pipelined requests when Sendfile was used. If sendfile processing completed quickly, it was...
EUVD-2020-29509
Malware in sbrugna...
EUVD-2022-2183
Malicious code in bioql PyPI...
EUVD-2018-0526
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-5647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to...