Lucene search
K

10 matches found

Snyk
Snyk
added 2026/06/15 8:11 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the websocket checks. An attacker can exhaust system memory by sending large incomplete frame payloads, potentially leading to service disruption. Remediation Upgrade aiohttp to...

8.7CVSS5.3AI score0.00305EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:11 p.m.7 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the serverhostname parameter handling during HTTPS connection reuse. An attacker can bypass intended TLS SNI checks by reusing an existing connection with a different...

7.5CVSS5.3AI score0.00266EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:9 p.m.15 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the C HTTP parser when the maxlinesize check is bypassed for fragmented lines. An attacker can cause excessive memory consumption by sending oversized HTTP request lines, potential...

8.7CVSS5.3AI score0.00322EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:9 p.m.7 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the DigestAuthMiddleware class when authentication responses are sent after following cross-origin redirects. An attacker can obtain authentication digests by leveraging an open redirect or simil...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 9:49 p.m.5 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the processing of duplicate Host headers. An attacker can bypass security checks enforced by a reverse proxy by sending requests with multiple Host headers, potentially causing the proxy and the backend to...

6.3CVSS5.9AI score0.00288EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 9:49 p.m.3 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting in the llhttp component. An attacker can manipulate HTTP response headers by injecting null bytes or control characters, causing headers to be interpreted differently by various components, which may lead to...

9.1CVSS5.9AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 9:47 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the handling of cross-origin redirects, where Cookie and Proxy-Authorization headers are not properly removed. An attacker can obtain sensitive information by causing a user to follow a redirect to a malicious...

6.9CVSS5.9AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 9:20 p.m.4 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting in the construction of multipart request headers when untrusted input is used for the contenttype parameter. An attacker can inject arbitrary headers or manipulate HTTP requests by supplying specially crafted...

6.9CVSS6AI score0.00315EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 8:8 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient restrictions in the handling of HTTP headers and trailers. An attacker can exhaust system memory by sending specially crafted requests, potentially leading to...

7.5CVSS5.9AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/05 11:10 p.m.2 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the Request.post function. An attacker can cause the application to exhaust system resources by sending a POST request. Note: This is only exploitable if Python optimizations are enabled using the -O flag or setting...

8.7CVSS7AI score0.00337EPSS
Exploits0References2
Rows per page
Query Builder