Lucene search
K

4 matches found

OSV
OSV
added 2026/06/16 5:16 p.m.4 views

UBUNTU-CVE-2026-12003

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.8AI score0.00136EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/05 10:58 p.m.8 views

AIOHTTP's unicode processing of header values could cause parsing discrepancies

Summary The Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. Impact If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...

6.5CVSS7.2AI score0.00213EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2025/07/15 11:22 p.m.3 views

SUSE CVE-2025-53643

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...

3.7CVSS7.2AI score0.00297EPSS
Exploits0References6
OSV
OSV
added 2025/01/17 2:7 p.m.3 views

OESA-2025-1045 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain...

7.5CVSS7.2AI score0.00576EPSS
Exploits0References2
Rows per page
Query Builder