1147 matches found
Session fixation
aio-libs aiohttp-session contains a Session Fixation vulnerability in the load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appears to be exploitable via any method that...
PYSEC-2018-80
aio-libs aiohttp-session contains a Session Fixation vulnerability in the load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appears to be exploitable via any method that...
CVE-2018-1000519
The CVE-2018-1000519 entry concerns aiohttp-session (aio-libs) with a Session Fixation vulnerability in RedisStorage.load_session, enabling session hijacking. Affected component: RedisStorage in aiohttp-session; vulnerable function: load_session (reference: repository link in initial doc). Exploi...
CVE-2018-1000519
aio-libs aiohttp-session contains a Session Fixation vulnerability in the load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appears to be exploitable via any method that...
Denial Of Service (DoS)
aiohttp is vulnerable to denial-of-service (DoS) attacks. The library does not have a limit on websocket message sizes, meaning a malicious user could send a message large enough to cause the system to run out of memory and crash...
Directory Traversal
aiohttp is vulnerable to directory traversal attacks. This is because it does not sanitize relative paths correctly...
PT-2024-1487
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.2; python3-aiohttp versions prior to 3.6.2-1ubuntu1+esm3; python3-module-aiohttp versions prior to 3.9.5-alt1; python310-aiohttp versions prior to 3.9.3-1.1. Description: aiohttp is an asynchronous HTTP client/server...